
Warnings on High Severity Linux Printing System Vulnerabilities

Four flaws in CUPS with no patch immediately available.

A critical set of unauthenticated Remote Code Execution (RCE) vulnerabilities in printer software - affecting all GNU/Linux systems - has been disclosed with a severity of 9.9 out of 10.

The vulnerabilities are in the Common Unix Printing System (CUPS), the standard printing system for many Unix-like operating systems, such as GNU/Linux distributions and macOS.

When activated, it allows a computer to function as a print server, managing print jobs and queues and supporting network printing through the Internet Printing Protocol.

Based on analysis by Qualys’ Threat Research Unit, there are more than 75,000 publicly exposed assets, with more than 42,000 publicly exposed assets accepting unauthenticated connections.

Recommendations

Qualys recommended that users limit network access, deactivate non-essential services, and implement strict access controls.
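A quick way to act on the first two recommendations is to check whether the cups-browsed service is listening on a wildcard address and, if so, stop it or block the port. The script below is an added example, not code from Qualys or from the article; it assumes that cups-browsed binds UDP port 631 for printer announcements (the service's documented default, not stated in the article) and parses the output format of `ss -ulnp` on Linux. The sample socket listing is constructed for the example.

```python
"""Flag hosts where cups-browsed accepts browse packets from any address.

Reads `ss -ulnp` output (from stdin, or the constructed sample below) and reports
UDP sockets bound to a wildcard address on the cups-browsed port.
"""
import re
import sys
from dataclasses import dataclass

# Assumption: cups-browsed listens on UDP 631 for printer announcements.
CUPS_BROWSE_PORT = 631
WILDCARD_ADDRS = {"0.0.0.0", "[::]", "*"}

# Constructed sample of `ss -ulnp` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
UNCONN  0       0              0.0.0.0:631          0.0.0.0:*      users:(("cups-browsed",pid=812,fd=7))
UNCONN  0       0            127.0.0.1:323          0.0.0.0:*      users:(("chronyd",pid=600,fd=5))
UNCONN  0       0                 [::]:631             [::]:*      users:(("cups-browsed",pid=812,fd=8))
UNCONN  0       0        127.0.0.53%lo:53           0.0.0.0:*      users:(("systemd-resolved",pid=500,fd=13))
"""

# State, Recv-Q, Send-Q, then "address:port" (address may contain % or brackets).
LINE_RE = re.compile(r"^\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s*(.*)$")
# First process name inside users:(("name",pid=...,fd=...))
PROC_RE = re.compile(r'\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -ulnp` lines into Listener records; the header line is skipped
    because its Recv-Q/Send-Q columns are not numeric."""
    listeners = []
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        addr, port, proc_col = m.groups()
        pm = PROC_RE.search(proc_col)
        listeners.append(Listener(addr, int(port), pm.group(1) if pm else ""))
    return listeners


def exposed_browse_sockets(listeners: list[Listener]) -> list[Listener]:
    """Sockets on the browse port bound to every interface, i.e. reachable from
    any network the host is attached to."""
    return [l for l in listeners
            if l.port == CUPS_BROWSE_PORT and l.address in WILDCARD_ADDRS]


def assess(output: str) -> dict:
    """Return an exposure verdict plus the mitigations matching the advice to
    deactivate non-essential services and limit network access."""
    exposed = exposed_browse_sockets(parse_ss(output))
    if not exposed:
        return {"exposed": False, "processes": [], "actions": []}
    processes = sorted({l.process for l in exposed if l.process})
    actions = [
        "systemctl stop cups-browsed && systemctl disable cups-browsed",
        f"block inbound UDP {CUPS_BROWSE_PORT} at the host and network firewall",
    ]
    return {"exposed": True, "processes": processes, "actions": actions}


if __name__ == "__main__":
    # Pipe real output in with: ss -ulnp | python3 check_cups_browsed.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SS_OUTPUT
    verdict = assess(text)
    if verdict["exposed"]:
        print("cups-browsed reachable on wildcard address:", ", ".join(verdict["processes"]))
        for action in verdict["actions"]:
            print("  -", action)
    else:
        print("no wildcard listener on UDP", CUPS_BROWSE_PORT)
```

The script only reports the host's own socket state; whether the port is reachable from the internet or a neighbouring network still depends on the firewall rules in front of it, which is why the second action is listed alongside stopping the service.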

Saeed Abbasi, product manager at Qualys’ Threat Research Unit, said: “These issues pose significant risks for systems exposed directly to the internet or within a local network, potentially allowing attackers to gain full control over affected machines.

“The cups-browsed service is widely installed on Unix-like operating systems. Proactive measures are essential to mitigate risks associated with unauthenticated RCE vulnerabilities. By staying informed, assessing risks, implementing interim security controls, and preparing for rapid patch deployment, organizations can significantly reduce their exposure to potential attacks.”

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.

