CUPS open source printing system can be hacked to hijack your devices, experts warn

Cybersecurity researcher Simone Margaritelli of Evil Socket discovered a problem in the system’s ability to discover new printers. As the researcher explains, CUPS has four vulnerabilities: CVE_2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177. These vulnerabilities, when chained together, allow threat actors to create a fake, malicious printer, and have CUPS discover it.

Roadblocks to exploitation

The moment a user tries to print something using this new device, a malicious command gets executed locally on their device.

While it sounds like a major vulnerability, Red Hat deemed it ‘important’ rather than ‘critical’, and this is mostly because there are many hoops to jump through, before the flaw can be exploited for RCE.

The first, and biggest one, is that the component named cups-browsed daemon, which looks for shared printers on the local network and enables them for printing, needs to be turned on. The researcher said that sometimes it’s turned off by default, and sometimes it’s turned on.

The second major hoop is making the victim pick the new printer that suddenly appeared out of nowhere, instead of their usual machine.

Red Hat is currently working on a fix, so a patch is not yet available. However, the easy fix is to stop the cups-browsed service from running, and to prevent it from being started on reboot.

Via BleepingComputer

More from TechRadar Pro

• Microsoft says Russian hackers are exploiting an ancient printer security flaw
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now