Vulnerability Awareness – Understanding and Safeguarding Against the Critical CUPS Vulnerabilities

New high-severity vulnerabilities have been disclosed in the Common Unix Printing System (CUPS), an open-source printing system widely used on Unix-like print servers (see below for a list of affected operating systems), allowing attackers to gain entry and take control of devices remotely. WaterISAC is sharing for member awareness of actively exploited critical vulnerabilities that may impact your utility and urges system admins to take swift action to mitigate this threat to help protect against remote hijacking attacks, data theft, and other serious attacks. Researchers have also been able to show how CUPS can be abused for DDoS attacks.

For updated information and security advisories for your specific distribution see Linux Security.

The four CVEs received CVSS scores ranging from high to critical

• CVE-2024-74176: 8.4 (high)
• CVE-2024-47076: 8.6 (high)
• CVE-2024-47175: 8.6 (high)
• CVE-2024-47177: 9.0 (critical)

Operating systems that use CUPS include and are not limited to: ArchLinux, Debian, Fedora, Red Hat Enterprise Linux (RHEL), ChromeOS, FreeBSD, NetBSD, OpenBSD, openSUSE, and SUSE Linux

Immediate Mitigation Recommendations:

• Update CUPS installation, regularly check for updates to CUPS, and apply security patches released by your distros.
• Disable the cups-browsed service if it is not needed.
• If the steps above are not possible, block all traffic to port 631 (default configuration) and DNS-SD if possible.
• Monitor for further guidance.

Additional Information and resources regarding the recent CUPS vulnerabilities:

• Critical CUPS Vulnerability Exposes Linux Systems to Remote Hijacking | Linux Security
• Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution | The Hacker News
• How to Safeguard Your Systems from Linux CUPS Vulnerabilities | Check Point