Cyber Resilience

CVE-2024-47176

Medium · Public PoC

Published: 26 September 2024

Modified: 04 November 2025
KEV Added
Patch
CVSS Score v3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS Score: 0.8759 (99.5th percentile)
Risk Priority: 63 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-47176 is a medium-severity Binding to an Unrestricted IP Address (CWE-1327) vulnerability in OpenPrinting cups-browsed. Its CVSS base score is 5.3 (Medium).

Operationally, it ranks in the top 0.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CUPS, the open-source printing system, is affected in its cups-browsed component, which provides network printing features such as auto-discovery of print services. The vulnerability stems from cups-browsed binding to INADDR_ANY:631, which causes it to trust packets from any source and issue Get-Printer-Attributes IPP requests to an arbitrary attacker-controlled URL. This issue is tracked under CWE-1327 and carries a CVSS 3.1 score of 5.3.
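A host-side check for the exposure described above, as an added example that is not code from OpenPrinting or from this page: it parses the Linux `/proc/net/udp` socket table and flags any UDP socket bound to the wildcard address on port 631. The sample table, the function names and the output format are constructed for illustration.

```python
"""Flag UDP sockets bound to the wildcard address on port 631 (Linux)."""
from pathlib import Path

IPP_PORT = 631  # the port named on this page (INADDR_ANY:631)

# Constructed sample in /proc/net/udp layout; not captured from a real host.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 41001 2 0000000000000000 0
  102: 0100007F:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 41002 2 0000000000000000 0
  103: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   112        0 41003 2 0000000000000000 0
"""


def parse_udp_table(text):
    """Yield (local_addr_hex, port, uid, inode) for each socket row."""
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10 or ":" not in fields[1]:
            continue  # short or malformed row
        addr_hex, port_hex = fields[1].rsplit(":", 1)
        try:
            yield addr_hex, int(port_hex, 16), int(fields[7]), int(fields[9])
        except ValueError:
            continue  # non-numeric port, uid or inode


def wildcard_listeners(text, port=IPP_PORT):
    """Return sockets on `port` whose local address is all zeros (0.0.0.0 or ::)."""
    return [
        {"family": "IPv6" if len(addr) == 32 else "IPv4", "uid": uid, "inode": inode}
        for addr, sock_port, uid, inode in parse_udp_table(text)
        if sock_port == port and set(addr) == {"0"}
    ]


def scan_host():
    """Check the live IPv4 and IPv6 UDP tables where they exist."""
    findings = []
    for table in ("/proc/net/udp", "/proc/net/udp6"):
        path = Path(table)
        if path.exists():
            findings += wildcard_listeners(path.read_text())
    return findings


if __name__ == "__main__":
    for hit in scan_host():
        print(f"wildcard UDP/{IPP_PORT} socket: {hit}")
```

A hit only shows that some process holds a wildcard UDP socket on port 631; resolve the inode to its owning process (for example with `ss -ulpn`) to confirm whether it is cups-browsed.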

An unauthenticated attacker with network access can exploit the flaw by supplying a malicious printer definition. When combined with the related issues CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, the weakness enables remote arbitrary command execution on the target system simply by causing a print job to be processed against the attacker-controlled printer.

Public advisories published by the OpenPrinting project on GitHub detail the affected code in cups-browsed and the companion libraries cups-filters, libcupsfilters, and libppd. The current EPSS score of 0.8759 matches its recorded peak, indicating sustained exploitation interest following disclosure.

EU & UK References

Vulnerability details

CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker-controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

openprinting
cups-browsed
2.0.1

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References