Warnings on High Severity Linux Printing System Vulnerabilities

Four flaws in CUPS with no patch immediately available.

A critical set of unauthenticated Remote Code Execution (RCE) vulnerabilities in printer software, affecting all GNU/Linux systems, has been disclosed with a severity of 9.9 out of 10.

The vulnerabilities are in the Common Unix Printing System (CUPS), the standard printing system for many Unix-like operating systems, such as GNU/Linux distributions and macOS.

When activated, CUPS allows a computer to function as a print server, managing print jobs and queues and supporting network printing through the Internet Printing Protocol.

Based on analysis by Qualys’ Threat Research Unit, there are more than 75,000 publicly exposed assets, with more than 42,000 publicly exposed assets accepting unauthenticated connections.

Recommendations

Qualys recommended users limit network access, deactivate non-essential services, and implement strict access controls. 

Saeed Abbasi, product manager at Qualys’ Threat Research Unit, said: “These issues pose significant risks for systems exposed directly to the internet or within a local network, potentially allowing attackers to gain full control over affected machines.

“The cups-browsed service is widely installed on Unix-like operating systems. Proactive measures are essential to mitigate risks associated with unauthenticated RCE vulnerabilities. By staying informed, assessing risks, implementing interim security controls, and preparing for rapid patch deployment, organizations can significantly reduce their exposure to potential attacks.”

Dan Raywood, Senior Editor, SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
