CVE-2024-47177: cups-filters vulnerable to Command injection via FoomaticRIPCommandLine
First published: Thu Sep 26 2024(Updated: )
CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-Mac OS systems. Any value passed to `FoomaticRIPCommandLine` via a PPD file will be executed as a user controlled command. When combined with other logic bugs as described in CVE_2024-47176, this can lead to remote command execution.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Traffix Systems Signaling Delivery Controller |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/
- https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
- https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
- https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
- https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
- https://www.cups.org
- https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I
- https://www.darkreading.com/vulnerabilities-threats/emerging-threats-vulnerabilities-prepare-2025
- https://my.f5.com/manage/s/article/K000141223
- https://www.ibm.com/support/pages/node/7182403 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-47177?
CVE-2024-47177 is rated as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2024-47177?
To mitigate CVE-2024-47177, ensure that updated versions of CUPS and cups-filters are deployed to override vulnerable components.
Who is affected by CVE-2024-47177?
CVE-2024-47177 affects users of CUPS 2.x, specifically those using F5 Traffix SDC and other Linux-based systems.
What type of attack does CVE-2024-47177 enable?
CVE-2024-47177 enables remote code execution attacks via manipulation of PPD files in CUPS installations.
Can CVE-2024-47177 be exploited remotely?
Yes, CVE-2024-47177 can be exploited remotely if the vulnerable printing system is reachable over the network.
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-47076
- alias/CVE-2024-47175
- alias/CVE-2024-47176
- alias/CVE-2024-47177
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/description
- collector/darkreading
- source/Dark Reading
- alias/CVE-2021-44228
- alias/CVE-2020-10148
- alias/CVE-2024-38199
- alias/CVE-2024-21433
- alias/CVE-2024-38030
- agent/references
- agent/event
- agent/trending
- agent/source
- collector/f5-advisory
- source/F5
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- vendor/f5
- canonical/f5 traffix systems signaling delivery controller