Following a post on X by software developer Simone Margaritelli, it was revealed that a series of vulnerabilities exists in the Common UNIX Printing System (CUPS). CUPS is an open-source printing system for Linux and other UNIX-like operating systems; it uses the Internet Printing Protocol (IPP) to support printing to local and network printers. Although these vulnerabilities received a great deal of attention prior to disclosure, based on what has been disclosed as of September 26, they are not at the level of Log4Shell or Heartbleed. Tenable encourages organisations not to panic about these flaws, as most attackers continue to exploit known vulnerabilities in internet-facing assets.
Below is what Satnam Narang, Senior Staff Research Engineer at Tenable, has to say on the Common UNIX Printing System (CUPS) vulnerabilities:
“Context is critical here. It is likely the assigned CVSS scores for the CUPS printing system flaws, including the one that received a 9.9 CVSS score, will be revised down. Because the disclosure was leaked somehow ahead of the proposed disclosure date, the details were rushed out today and vendors are still in the process of putting together the advisories and patches for these flaws. From what we’ve gathered, these flaws are not at the level of a Log4Shell or Heartbleed. The reality is that across a variety of software, be it open or closed source, there are countless vulnerabilities that have yet to be discovered and disclosed. Security research is vital to this process, and we can and should demand better of software vendors. CISA Director Jen Easterly called this out very poignantly in a recent keynote speech. For organisations that are honing in on these latest vulnerabilities, it’s important to highlight that the flaws that are most impactful and concerning are the known vulnerabilities that continue to be exploited by advanced persistent threat groups with ties to nation states, as well as ransomware affiliates that are pilfering corporations for millions of dollars each year.” – Satnam Narang, Senior Staff Research Engineer, Tenable