A critical vulnerability, CVE-2024-47177, has been discovered in the Common Unix Printing System (CUPS) that allows remote attackers to execute arbitrary commands on vulnerable systems. It is part of a chain of four vulnerabilities, CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, which are exploited together to achieve remote code execution. The exploit only requires the attacker to send a UDP packet containing a URL that points to a system the attacker controls. The attacker can then execute arbitrary commands as the “foomatic-rip” process and continue with their post-exploitation goals.

Organizations should immediately patch their CUPS installations to mitigate this vulnerability. As a precaution, it is also recommended to disable the “cups-browsed” service and use firewall rules to prevent access to UDP port 631. Sysdig Secure and Falco are tools that can be used to detect malicious activity related to this vulnerability.
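
One way to check a host against the two precautions above, as an added example that is not part of the original page. The function names, the script name `audit.sh` and the sample `ss` output are assumptions constructed for illustration; the `systemctl`, `ss` and `iptables` invocations are standard Linux commands.

```shell
#!/usr/bin/env bash
# Added example: audit a host for the two precautions above
# (cups-browsed disabled, UDP port 631 not reachable).

# Reads `ss -H -lun` style lines on stdin and prints each UDP/631 listener
# bound to a non-loopback address. Exit status 0 means at least one was found.
exposed_631_listeners() {
    awk '
    {
        addr = ""
        # Local Address:Port is the first column that contains a colon.
        for (i = 1; i <= NF; i++) if ($i ~ /:/) { addr = $i; break }
        if (addr == "") next
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port != "631") next
        if (host ~ /^127\./ || host == "[::1]") next   # loopback only
        print addr
        found = 1
    }
    END { exit (found ? 0 : 1) }'
}

# Constructed sample of `ss -H -lun` output, used for offline testing.
sample_ss_output() {
    cat <<'EOF'
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
UNCONN 0 0 [::1]:631 [::]:*
EOF
}

audit_host() {
    if systemctl is-active --quiet cups-browsed 2>/dev/null; then
        echo "cups-browsed is active; disable with: systemctl disable --now cups-browsed"
    else
        echo "cups-browsed is not active"
    fi
    if ss -H -lun 2>/dev/null | exposed_631_listeners; then
        echo "UDP 631 is exposed; block with: iptables -I INPUT -p udp --dport 631 -j DROP"
    else
        echo "no non-loopback UDP 631 listener found"
    fi
}

# Run the live audit only when asked, e.g. `bash audit.sh --audit`.
if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

A listener bound only to loopback is not reported, since the firewall recommendation concerns access to UDP port 631 from other hosts.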