Attack surface management

CUPS Vulnerabilities Could Lead to Widespread Attacks

Share
Bussiness man Hand press button on panel of printer, printer scanner laser office copy machine supplies start concept.

Threat actors could exploit four recently discovered vulnerabilities impacting the Common UNIX Printing System to facilitate significant distributed denial-of-service attacks, according to The Record, a news site by cybersecurity firm Recorded Future.

Nearly 34% of over 198,000 internet-exposed devices affected by the CUPS flaws, tracked as CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, could be leveraged for DDoS attacks, which involve the delivery of a packet designating a target as an additional printer, an analysis from Akamai's Security Intelligence and Response Team showed.

"For each packet sent, the vulnerable CUPS server will generate a larger and partially attacker-controlled IPP/HTTP request directed at the specified target. As a result, not only is the target affected, but the host of the CUPS server also becomes a victim, as the attack consumes its network bandwidth and CPU resources," said Akamai Principal Security Researcher Larry Cashdollar.

The development comes after a similar exploitation of CUPS bugs in exposed UNIX systems was reported by Risky Biz.