Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

CUPS open source printing system can be hacked to hijack your devices, experts warn

Printing.

The Common UNIX Printing System, or CUPS, can be abused to run malicious code on vulnerable endpoints remotely, experts have warned.

CUPS is an open-source printing system developed by Apple for Unix-like operating systems, including Linux and macOS. It provides a standardized way to manage print jobs and queues, supporting both local and network printers. CUPS uses the Internet Printing Protocol (IPP) as its primary protocol, allowing seamless printer discovery and job submission across networks. It also includes a web-based interface for managing printers, print jobs, and configurations.

Cybersecurity researcher Simone Margaritelli of Evil Socket discovered a problem in the system’s ability to discover new printers. As the researcher explains, CUPS has four vulnerabilities: CVE_2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177. These vulnerabilities, when chained together, allow threat actors to create a fake, malicious printer, and have CUPS discover it.

Roadblocks to exploitation

The moment a user tries to print something using this new device, a malicious command gets executed locally on their device.

While it sounds like a major vulnerability, Red Hat deemed it ‘important’ rather than ‘critical’, and this is mostly because there are many hoops to jump through, before the flaw can be exploited for RCE.

The first, and biggest one, is that the component named cups-browsed daemon, which looks for shared printers on the local network and enables them for printing, needs to be turned on. The researcher said that sometimes it’s turned off by default, and sometimes it’s turned on.

The second major hoop is making the victim pick the new printer that suddenly appeared out of nowhere, instead of their usual machine.

Red Hat is currently working on a fix, so a patch is not yet available. However, the easy fix is to stop the cups-browsed service from running, and to prevent it from being started on reboot.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.