A new set of critical unauthenticated Remote Code Execution (RCE) vulnerabilities has been revealed in CUPS.
These vulnerabilities can allow a remote attacker to execute arbitrary code on a target system without valid credentials or prior access.
Major organizations like Canonical and Red Hat have confirmed this flaw, assigning it a high severity with a CVSS score of 9.9 out of 10.
More than 75k publicly exposed assets are affected by the flaws, and a huge majority of these assets were found on the default IPP port 631. Of these, more than 42k publicly exposed assets accept unauthenticated connections.
CUPS is the standard printing system for many Unix-like operating systems, such as GNU/Linux distributions and macOS. CVE vulnerabilities have affected several CUPS versions.
These vulnerabilities involve multiple components of the CUPS printing system, allowing an unauthenticated attacker to silently replace existing printers' URLs with malicious ones.
The vulnerabilities are exploited by sending a malicious UDP packet to port 631 on the target system, leading to remote code execution.
Enterprises are advised to assess the exposure risk of CUPS systems. They should limit network access, deactivate non-essential services and implement strict access controls.
The Qualys Threat Research Unit is releasing QIDs to detect these vulnerabilities.
Organizations can inventory their infrastructure using QID 38199: CUPS service Detected to mitigate these risks.
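As an added example (not from the original article and not Qualys tooling), the exposure assessment recommended above can start on each host with a check of what is listening on port 631 and whether it is bound beyond loopback. The script parses `ss -H -tuln` output; the sample lines and the function names are constructed for illustration.

```python
import ipaddress
import subprocess

IPP_PORT = 631  # default IPP port named in the article (TCP and UDP)

# Constructed sample of `ss -H -tuln` output, not captured from a real host.
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:631        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
"""

def split_local(field):
    """Split the 'Local Address:Port' column of ss into (address, port)."""
    addr, _, port = field.rpartition(":")
    # Drop a %iface scope suffix first, then the IPv6 brackets.
    return addr.split("%")[0].strip("[]"), port

def is_loopback(addr):
    """True only for addresses that cannot be reached from another host."""
    if addr == "*":  # ss prints * for a dual-stack wildcard bind
        return False
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable address: report it rather than hide it

def exposed_ipp_listeners(ss_output, port=IPP_PORT):
    """Return (protocol, address) for each listener on `port` bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue
        addr, lport = split_local(cols[4])
        if lport == str(port) and not is_loopback(addr):
            findings.append((cols[0], addr))
    return findings

if __name__ == "__main__":
    live = subprocess.run(["ss", "-H", "-tuln"], capture_output=True, text=True).stdout
    for proto, addr in exposed_ipp_listeners(live):
        print(f"{proto}/{IPP_PORT} bound to {addr}: reachable beyond loopback")
```

A finding here only shows the socket binding; whether the port is reachable from outside still depends on host and network firewall rules.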