CVE-2024-47175
HIGH
OpenPrinting libppd - Unsanitized IPP Attribute Code Execution
Title source: manual
Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-47175.
PoCs published by Simone Margaritelli, Rick de Jager, including the Metasploit module `exploits/multi/misc/cups_ipp_remote_code_execution`.
AI-analyzed exploit summary: This Metasploit module exploits multiple CUPS vulnerabilities (CVE-2024-47076, CVE-2024-47175, etc.) by advertising a malicious printer via mDNS and IPP, achieving remote code execution when a victim sends a print job. It includes a full IPP server implementation and mDNS service to simulate a printer on the LAN.
Description
CUPS is a standards-based, open-source printing system, and `libppd` can be used for legacy PPD file support. The `libppd` function `ppdCreatePPDFromIPP2` does not sanitize IPP attributes when creating the PPD buffer. When used in combination with other functions such as `cfGetPrinterAttributes5`, this can result in user-controlled input and ultimately code execution via Foomatic. This vulnerability can be part of an exploit chain leading to remote code execution (RCE), as described in CVE-2024-47176.
Exploits (1)
References (11)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N