On September 26, 2024, security researcher Simone Margaritelli disclosed the details of four OpenPrinting Common UNIX Printing System (CUPS) vulnerabilities that, when chained together, can allow malicious actors to launch remote code execution (RCE) attacks on vulnerable systems.
CUPS is a widely used, open-source printing system for Linux and other Unix-like operating systems, including ChromeOS and macOS.
As of writing, one of the four CUPS zero-day vulnerabilities has received a critical severity score, while the rest have high severity ratings. Details of the vulnerabilities are as follows:
Red Hat details the attack chain of how malicious actors can exploit these vulnerabilities in its blog post.
Regarding these vulnerabilities’ CVSS scores, it should be noted that initially, Margaritelli tweeted that “Canonical, RedHat and others have confirmed the severity, a 9.9,” for at least one of the CUPS flaws and shared a supporting screenshot from a Red Hat engineer who estimated the score.
However, as of publishing, the highest CVSS rating is at 9.0. On September 27, 2024, Red Hat published a security bulletin regarding these CUPS vulnerabilities where they shared that “these issues are rated with a severity impact of Important, and in their default configuration are not vulnerable.”
It is important to note that while most Linux systems come with CUPS, it is atypical for systems to have the `cups-browsed` service enabled, as it is disabled by default. The `cups-browsed` daemon must be manually enabled before it exposes a targeted system’s UDP ports on the network.
Additionally, a malicious actor looking to exploit this vulnerability must also find a way to trick users into triggering a print job from a malicious printer server on their local network.
Although patches for these bugs are still unavailable as of writing, Margaritelli recommends the following security best practices:
Trustwave will continue to monitor this developing situation, and we remain on standby for our clients to provide further details as more information becomes available.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.