#VU98064 Missing Authorization in cups-browsed - CVE-2024-47850
Published: October 7, 2024
Vulnerability identifier: #VU98064
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-47850
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
cups-browsed
cups-browsed
Software vendor:
OpenPrinting
OpenPrinting
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing authorization when handling IPP UDP packets. A remote attacker can send a specially crafted IPP UDP packet requesting a printer to be added and force the application to send an HTTP POST request to an arbitrary IP address and port.
Successful exploitation of the vulnerability may allow an attacker to perform DDoS amplification attacks.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.