Cyber Resilience

CVE-2023-24805

High · Public PoC · RCE

Published: 17 May 2023

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0930 (92.9th percentile)
Risk Priority: 23 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-24805 is a high-severity OS Command Injection (CWE-78) vulnerability in Linux Foundation cups-filters. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 7.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2023-24805 affects the cups-filters package, which supplies backends, filters, and related components needed to integrate the CUPS printing service on non-macOS operating systems. The flaw resides in the Backend Error Handler (beh) implemented in `beh.c`, where the statement `retval = system(cmdline) >> 8;` passes an unsanitized `cmdline` string containing multiple attacker-controlled values directly to the `system()` call, enabling OS command injection (CWE-78). The vulnerability carries a CVSS 3.1 score of 8.8.

An attacker with network access to a print server that exposes the beh backend can supply crafted input that results in arbitrary commands executing in the context of the cups-filters process, achieving remote code execution with impacts to confidentiality, integrity, and availability.

The issue was corrected in commit 8f2740357 of the cups-filters repository. Project and distribution advisories recommend upgrading to a patched version as soon as it becomes available and, until then, restricting network access to affected printers. Debian and Fedora have published corresponding updates and package announcements.

EPSS for the CVE reached a modest peak of 0.1070 before receding to the current value of 0.0930, indicating limited but detectable post-disclosure interest.
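The `system(cmdline)` pattern described above, next to a shell-free replacement, as an added example that is not the cups-filters code or the project's patch. The `true` helper stands in for the real backend, and the function names and the sample title are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Pattern from the advisory: values are pasted into one string and handed
 * to the shell. "true" stands in for the real backend (assumption). */
int run_via_shell(const char *title)
{
    char cmdline[256];
    snprintf(cmdline, sizeof(cmdline), "true %s", title);
    return system(cmdline) >> 8;   /* the shell parses metacharacters in title */
}

/* Hardened form: no shell; each value is exactly one argv element. */
int run_no_shell(const char *path, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(path, argv);
        _exit(127);                /* exec itself failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed demo: the same title sent through the hardened path. */
int run_title_no_shell(const char *title)
{
    const char *path = access("/bin/true", X_OK) == 0 ? "/bin/true" : "/usr/bin/true";
    char *const argv[] = { "true", (char *)title, NULL };
    return run_no_shell(path, argv);
}

int main(void)
{
    const char *title = "report; exit 9";   /* constructed sample value */
    printf("system(): %d\n", run_via_shell(title));       /* title changed the result */
    printf("execv():  %d\n", run_title_no_shell(title));  /* title stayed plain data */
    return 0;
}
```

With the shell in the path, the text after `;` in the title decides the return value; with `execv()` the same bytes reach the helper as one literal argument.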

EU & UK References

Vulnerability details

cups-filters contains backends, filters, and other software required to get the CUPS printing service working on operating systems other than macOS. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user-controlled, unsanitized values. As a result, an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

linuxfoundation
cups-filters
2.0 · ≤ 2.0
fedoraproject
fedora
37, 38
debian
debian linux
10.0, 11.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.

References