Man
Professional
- Messages
- 3,222
- Reaction score
- 807
- Points
- 113
The new online scanner will make life much easier for system administrators.
Cybersecurity researcher Marcus Hitchins, known as MalwareTech, has released an automated scanner to identify vulnerable Linux and UNIX servers that are vulnerable to an attack through the CUPS vulnerability, registered as CVE-2024-47176. This tool is able to help system administrators find devices with the cups-browsed service enabled, which under certain conditions may be subject to remote code execution (RCE).
The vulnerability first became known last month thanks to security researcher Simone Margaritelli, who discovered the problem. Although the ability to exploit RCE in real-world conditions is limited, researchers from Akamai said that this vulnerability can also be used to multiply DDoS attacks, up to 600 times.
The problem is that the cups-browsed service binds its control port (UDP 631) to any available network interface, making it accessible to any system. In the absence of appropriate authentication, any user on the network can send commands on this port.
Hitchins' scanner uses a Python script to help system administrators scan local networks and identify devices with vulnerable versions of CUPS. According to the developer, even if a port is not accessible via the Internet due to firewalls or NAT, it can still be accessed on the local network, which opens up opportunities for privilege escalation and lateral movement.
The scanner works by sending special UDP packets to network addresses within a specified range, after which vulnerable devices send a return request to the server, indicating the presence of a problem. The scan results are stored in two logs: the first contains the IP addresses and CUPS version of the affected devices, and the second contains detailed information about the HTTP requests sent, which allows for more in-depth analysis.
Using this scanner will help system administrators plan for patches in advance and minimize the risk of exploitation of CVE-2024-47176.
This CUPS case illustrates the importance of regularly scanning network devices for vulnerabilities. Nowadays, even seemingly insignificant errors can become a tool for large-scale attacks that threaten the integrity of the entire system.
Source
Cybersecurity researcher Marcus Hitchins, known as MalwareTech, has released an automated scanner to identify vulnerable Linux and UNIX servers that are vulnerable to an attack through the CUPS vulnerability, registered as CVE-2024-47176. This tool is able to help system administrators find devices with the cups-browsed service enabled, which under certain conditions may be subject to remote code execution (RCE).
The vulnerability first became known last month thanks to security researcher Simone Margaritelli, who discovered the problem. Although the ability to exploit RCE in real-world conditions is limited, researchers from Akamai said that this vulnerability can also be used to multiply DDoS attacks, up to 600 times.
The problem is that the cups-browsed service binds its control port (UDP 631) to any available network interface, making it accessible to any system. In the absence of appropriate authentication, any user on the network can send commands on this port.
Hitchins' scanner uses a Python script to help system administrators scan local networks and identify devices with vulnerable versions of CUPS. According to the developer, even if a port is not accessible via the Internet due to firewalls or NAT, it can still be accessed on the local network, which opens up opportunities for privilege escalation and lateral movement.
The scanner works by sending special UDP packets to network addresses within a specified range, after which vulnerable devices send a return request to the server, indicating the presence of a problem. The scan results are stored in two logs: the first contains the IP addresses and CUPS version of the affected devices, and the second contains detailed information about the HTTP requests sent, which allows for more in-depth analysis.
Using this scanner will help system administrators plan for patches in advance and minimize the risk of exploitation of CVE-2024-47176.
This CUPS case illustrates the importance of regularly scanning network devices for vulnerabilities. Nowadays, even seemingly insignificant errors can become a tool for large-scale attacks that threaten the integrity of the entire system.
Source
