Vulnerability Report

CVE-2024-47176

RCE

Title: Openprinting Cups-Browsed RCE

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2024-47176.

CWE Category CWE-1327

Published Date Sep 26, 2024

Modified Date Nov 04, 2025

Exploit Status Not Found

Score 5.3 CVSS v3.1

Exploit Probability (EPSS)

87.59%

Vulnerability Summary

CVE-2024-47176: CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.

Impacted Vendors

openprinting 1

Reference Links

https://github.com/OpenPrinting/cups-browsed/blob/master/daemon/cups-browsed.c#L13992 https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8 https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47 https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5 https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6 https://www.cups.org https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I http://www.openwall.com/lists/oss-security/2024/09/27/6 http://www.openwall.com/lists/oss-security/2025/09/11/2 https://github.com/OpenPrinting/cups-browsed/commit/1debe6b140c37e0aa928559add4abcc95ce54aa2 https://lists.debian.org/debian-lts-announce/2024/09/msg00048.html https://security.netapp.com/advisory/ntap-20241011-0001/

CVSS v3.1

Source Entity [email protected]

Severity MEDIUM

5.3

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2024-47176 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

November 04, 2025 MODIFIED

Vulnerability data or affected products updated.

September 26, 2024 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Stack

No specific products linked.