CyberScoop reports that widely used Linux distributions, such as Ubuntu, Red Hat, and Debian, have been impacted by four vulnerabilities within the OpenPrinting Common Unix Printing System — tracked as CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177 — which could be leveraged to facilitate unauthorized command execution.
All of the flaws, which were reported by cybersecurity researcher Simone Margaritelli, are easily remediated. They can only be successfully exploited if CUPS has been manually activated and attackers obtain access to servers with local network connections and public internet, conditions that Sonatype co-founder and Chief Technology Officer Brian Fox noted avert widespread compromise despite the pervasiveness of the issues. "This means that although an attacker can plant the malicious device, they cannot exploit the vulnerability unless a print job is sent to it. However, this situation is concerning because future attacks following a similar pattern might not require a print job to trigger and could exploit similar vulnerabilities," said Fox.