cve/2024/CVE-2024-47176.md
2025-09-29 21:09:30 +02:00

### [CVE-2024-47176](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47176)
![](https://img.shields.io/static/v1?label=Product&message=cups-browsed&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%3D%202.0.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.0.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-1327%3A%20Binding%20to%20an%20Unrestricted%20IP%20Address&color=brightgreen)
### Description
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can be made to send a `Get-Printer-Attributes` IPP request to an attacker-controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a print job is sent to a malicious printer.
### POC
#### Reference
- https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8
- https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47
- https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5
- https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6
#### GitHub
- https://github.com/0x7556/CVE-2024-47176
- https://github.com/0xCZR1/PoC-Cups-RCE-CVE-exploit-chain
- https://github.com/20142995/nuclei-templates
- https://github.com/782e616c6d/782e616c6d
- https://github.com/Alie-N/cups-vulnerability-exploit
- https://github.com/AxthonyV/CVE-2024-47176
- https://github.com/CrackerCat/feed
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/GO0dspeed/spill
- https://github.com/GraveRose/cups
- https://github.com/Kuri119/EvilCups
- https://github.com/MalwareTech/CVE-2024-47176-Scanner
- https://github.com/NIMRAA3/cisco-n-map-port-scanning-lab
- https://github.com/Ostorlab/KEV
- https://github.com/WillGAndre/WillGAndre
- https://github.com/aytackalinci/CVE-2024-47176
- https://github.com/cyb3r-w0lf/nuclei-template-collection
- https://github.com/fr33s0ul/CUPS-mitigation-script
- https://github.com/gianlu111/CUPS-CVE-2024-47176
- https://github.com/gonoph/ansible-mitigation
- https://github.com/gumerzzzindo/CVE-2024-47176
- https://github.com/l0n3m4n/CVE-2024-47176
- https://github.com/lkarlslund/jugular
- https://github.com/mr-r3b00t/CVE-2024-47176
- https://github.com/nma-io/CVE-2024-47176
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/onhexgroup/Exploits-Review
- https://github.com/referefref/cupspot-2024-47177
- https://github.com/rix4uni/medium-writeups
- https://github.com/tonyarris/CVE-2024-47176-Scanner
- https://github.com/workabhiwin09/CVE-2024-47176