skip to content
Decrypt LOL

Get Cyber-Smart in Just 5 Minutes a Week

Decrypt delivers quick and insightful updates on cybersecurity. No spam, no data sharing—just the info you need to stay secure.

Read the latest edition

CUPS Vulnerability Enables Remote Code Execution via Malicious Printer

/ 1 min read

CUPS IPP Attributes LAN Remote Code Execution vulnerability discovered. A new Metasploit module has been released that exploits vulnerabilities in OpenPrinting CUPS, commonly found on Linux systems. This vulnerability allows an attacker on the same local network to advertise a malicious printer, which can trigger remote code execution when a victim sends a print job to it. Successful exploitation requires user interaction, but no CUPS services need to be directly accessible. The affected versions include cups-browsed up to 2.0.1 and cups-filters up to 2.0.1. The module was developed by multiple contributors, including Simone Margaritelli and Rick de Jager, and is designed to execute code in the context of the ‘lp’ user. The vulnerabilities are documented under several CVE identifiers, including CVE-2024-47076.