CyberScoop reports that widely used Linux distributions, such as Ubuntu, Red Hat, and Debian, have been impacted by four vulnerabilities within the OpenPrinting Common Unix Printing System.
The vulnerabilities, tracked as CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177, could be leveraged to facilitate unauthorized command execution.
All of the flaws, which cybersecurity researcher Simone Margaritelli reported, are easily remediated and could only be successfully exploited should CUPS be manually activated. Attackers would have to obtain access to servers with local network connections and public internet, which Sonatype co-founder and Chief Technology Officer Brian Fox noted would avert widespread compromise despite the pervasiveness of the issues.
"This means that although an attacker can plant the malicious device, they cannot exploit the vulnerability unless a print job is sent. However, this situation is concerning because future attacks following a similar pattern might not require a print job to trigger and could exploit similar vulnerabilities," said Fox.
