Following a post on X from software developer Simone Margaritelli, it was revealed that a series of vulnerabilities exists in the Common UNIX Printing System (CUPS), an open-source printing system for Linux and other UNIX-like operating systems. CUPS uses the IPP (Internet Printing Protocol) to allow printing with local and network printers. While these vulnerabilities received a lot of attention prior to disclosure, based on what has been disclosed as of September 26, these flaws are not at the level of something like Log4Shell or Heartbleed. We encourage organisations not to panic about these flaws, as most attackers continue to exploit known vulnerabilities in internet-facing assets.
Please find here a FAQ from Tenable about the vulnerabilities and a comment below from Satnam Narang, Senior Staff Research Engineer, Tenable.
“Context is critical here. It is likely the assigned CVSS scores for the CUPS printing system flaws, including the one that received a 9.9 CVSS score will be revised down. Because the disclosure was leaked somehow ahead of the proposed disclosure date, the details were rushed out today and vendors are still in the process of putting together the advisories and patches for these flaws. From what we’ve gathered, these flaws are not at a level of a Log4Shell or Heartbleed. The reality is that across a variety of software, be it open or closed source, there are a countless number of vulnerabilities that have yet to be discovered and disclosed. Security research is vital to this process and we can and should demand better of software vendors. CISA Director Jen Easterly called this out very poignantly in a recent keynote speech. For organisations that are honing in on these latest vulnerabilities, it’s important to highlight that the flaws that are most impactful and concerning are the known vulnerabilities that continue to be exploited by advanced persistent threat groups with ties to nation states, as well as ransomware affiliates that are pilfering corporations for millions of dollars each year.” – Satnam Narang, Senior Staff Research Engineer, Tenable