
Experts warn that the open source CUPS printing system could be hacked to take control of devices



Experts warn that the Common UNIX Printing System (CUPS) can be used to remotely execute malicious code on vulnerable endpoints.

CUPS is an open source printing system developed by Apple for Unix-like operating systems, including Linux and macOS. It provides a standardized way to manage print jobs and queues, supporting both local and network printers. CUPS uses the Internet Printing Protocol (IPP) as its underlying protocol, enabling seamless printer discovery and job submission across networks. It also includes a web interface for managing printers, print jobs, and configurations.

Cybersecurity researcher Simone Margaritelli of Evil Socket discovered an issue with the system’s ability to detect new printers. As the researcher explains, CUPS has four vulnerabilities: CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. When combined, the vulnerabilities allow cybercriminals to create a fake, malicious printer and have CUPS detect it.

Roadblocks to exploitation

When a user tries to print something using this new device, a malicious command is executed locally on their device.

While this sounds like a serious vulnerability, Red Hat has deemed it “important” rather than “critical,” largely because there are many hurdles to overcome before the vulnerabilities can be exploited for remote code execution (RCE).

The first and biggest is that the cups-browsed daemon, a component that searches for shared printers on the local network and makes them available for printing, must be enabled. The researcher found that in some cases it is disabled by default and in others it is enabled.

The second major hurdle is that the victim must choose the new printer that suddenly appears out of nowhere, instead of their regular machine.

Red Hat is currently working on a fix, so a patch is not available yet. However, an easy workaround is to stop the cups-browsed service from running and prevent it from starting on reboot.
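
The workaround described above, as an added example that is not part of the original article: a script for systemd hosts that reports whether cups-browsed is running or set to start at boot and, with `--apply`, stops and disables it. The unit name `cups-browsed`, the verdict labels and the function names are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit the cups-browsed workaround on a systemd host.
UNIT="cups-browsed"   # assumed systemd unit name for the daemon

# Turn `systemctl is-active` / `is-enabled` output into a verdict:
#   running        - daemon is up now
#   starts-on-boot - stopped, but will come back after a reboot
#   mitigated      - stopped and will not start at boot
#   review         - state this script does not interpret (e.g. static)
classify_state() {
  local active="$1" enabled="$2"
  case "$active" in
    active|activating|reloading) echo "running"; return 0 ;;
  esac
  case "$enabled" in
    enabled|enabled-runtime)   echo "starts-on-boot" ;;
    disabled|masked|not-found) echo "mitigated" ;;
    *)                         echo "review" ;;
  esac
}

# Query the local host and print its verdict.
audit_unit() {
  local active enabled
  if ! command -v systemctl >/dev/null 2>&1; then
    echo "review"   # not a systemd host: check by hand
    return 0
  fi
  active="$(systemctl is-active "$UNIT" 2>/dev/null || true)"
  enabled="$(systemctl is-enabled "$UNIT" 2>/dev/null || true)"
  classify_state "${active:-inactive}" "${enabled:-not-found}"
}

# Stop the service now and keep it from starting at boot (needs root).
apply_workaround() {
  systemctl stop "$UNIT" && systemctl disable "$UNIT"
}

case "${1:-}" in
  --audit) audit_unit ;;
  --apply) apply_workaround && audit_unit ;;
esac
```

Run it with `--audit` to report only; a verdict other than `mitigated` means the host still needs attention.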

By Shiny Computer
