close
close
gmask

Experts warn that your devices could be compromised by hacking the CUPS open source printing system

Irishu
Experts warn that your devices could be compromised by hacking the CUPS open source printing system

Future and its syndication partners may earn commission when you buy through links in our articles.

Credit: Pixabay

Common UNIX Printing System, or CUPS, can be exploited to run malicious code Experts have warned that vulnerable endpoints can be controlled remotely.

CUPS is an open source printing system developed by Apple for Unix-like operating systems, including Linux and macOS. It provides a standardized way to manage print jobs and queues by supporting both native and native support. network printers. CUPS uses the Internet Printing Protocol (IPP) as its primary protocol, allowing seamless printer discovery and job submission across networks. It also includes a web-based interface for managing printers, print jobs, and configurations.

Cybersecurity researcher Simone Margaritelli of Evil Socket discovered an issue with the system’s ability to discover new printers. As the researcher explained, there are four vulnerabilities in CUPS: CVE_2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177. When chained together, these vulnerabilities allow threat actors to create a fake, malicious printer and allow CUPS to discover it.

Barriers to abuse

When a user tries to print something using this new device, a malicious command is executed locally on their device.

Although it seems like a major vulnerability, Red Hat labeled it as ‘important’ rather than ‘critical’, and that’s mostly because there were a lot of hoops to jump through before the flaw could be exploited for RCE.

The first and biggest of these is turning on the component called cup-browsed daemon, which allows you to search and print to printers shared on the local network. Sometimes it’s off by default, sometimes it’s on, the researcher said.

The second big hoop is to get the victim to choose the new printer that appears out of nowhere over their usual machine.

Red Hat is currently working on a fix, so no patch is available yet. But the easy fix is ​​to stop the glasses browsing service from running and prevent it from starting when it restarts.

through BleepingComputer

More from TechRadar Pro