New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks

October 8, 2024 at 05:54PM

A new scanner, created by Marcus Hutchins, is designed to identify devices vulnerable to the CUPS RCE flaw (CVE-2024-47176). The Python script sets up an HTTP server on the scanning machine and sends custom UDP packets to the network, eliciting responses from vulnerable devices. The generated results aid system administrators in targeted patching or reconfiguration efforts.

Cybersecurity researcher Marcus Hutchins (aka “MalwareTech”) has developed a new automated scanner to help security professionals identify devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. This flaw, disclosed by Simone Margaritelli, may lead to arbitrary remote code execution under specific conditions, and Akamai has also shown its potential for amplification in distributed denial of service (DDoS) attacks.

The scanner, known as cups_scanner.py, creates an HTTP server on the scanning machine that listens for incoming HTTP requests from devices on the network. It then sends a custom UDP packet to the network’s broadcast address on port 631, which prompts vulnerable CUPS instances to send a request back. Any device that responds is marked as vulnerable.

The scanner generates two logs: one containing the IP addresses and CUPS versions of the devices that responded, and another containing the raw HTTP requests received by the callback server.
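As an added example (not code from cups_scanner.py or from the original article), the following Python shows how raw callback requests like those described above can be reduced to a per-host list of CUPS versions for patch triage. The record layout, request path, port and the `CUPS/<version>` User-Agent convention are assumptions, and the sample data is constructed.

```python
import re

# Constructed sample: (source IP, raw HTTP request) pairs as a callback
# server might record them. Addresses, port and path are made up.
SAMPLE_CALLBACKS = [
    ("192.0.2.10", "POST /printers/scan HTTP/1.1\r\nHost: 198.51.100.5:1337\r\n"
     "User-Agent: CUPS/2.4.2 (Linux 5.15.0-91-generic; x86_64) IPP/2.0\r\n\r\n"),
    ("192.0.2.10", "POST /printers/scan HTTP/1.1\r\nHost: 198.51.100.5:1337\r\n"
     "User-Agent: CUPS/2.4.2 (Linux 5.15.0-91-generic; x86_64) IPP/2.0\r\n\r\n"),
    ("192.0.2.44", "POST /printers/scan HTTP/1.1\r\nHost: 198.51.100.5:1337\r\n"
     "user-agent: CUPS/2.3.1 (Linux 5.4.0-169-generic; aarch64) IPP/2.0\r\n\r\n"),
    # Callback with no User-Agent: host reached back, version unknown.
    ("192.0.2.90", "POST /printers/scan HTTP/1.1\r\nHost: 198.51.100.5:1337\r\n\r\n"),
    # Unrelated client hitting the listener: flag for manual review.
    ("192.0.2.77", "GET / HTTP/1.1\r\nHost: 198.51.100.5:1337\r\n"
     "User-Agent: curl/8.5.0\r\n\r\n"),
]

# Assumption: CUPS identifies itself as "CUPS/<version> (...)" in User-Agent.
CUPS_UA = re.compile(r"^CUPS/(\d+(?:\.\d+)*)")


def parse_headers(raw_request):
    """Return header names (lower-cased) mapped to values for one raw request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def summarize(callbacks):
    """Map each calling IP to its CUPS version, or None if not identified."""
    hosts = {}
    for ip, raw in callbacks:
        match = CUPS_UA.match(parse_headers(raw).get("user-agent", ""))
        if match:
            hosts[ip] = match.group(1)
        else:
            hosts.setdefault(ip, None)  # keep a version seen earlier, if any
    return hosts


if __name__ == "__main__":
    for ip, version in sorted(summarize(SAMPLE_CALLBACKS).items()):
        print(ip, version or "unidentified, review manually")
```

Hosts that called back without a recognizable CUPS User-Agent are kept in the result with no version so they can be checked by hand rather than silently dropped.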

This tool allows system administrators to identify vulnerable devices and take targeted patching or reconfiguration actions to minimize exposure to CVE-2024-47176. BleepingComputer has not tested the script, so its effectiveness and safety cannot be guaranteed, and users should proceed at their own risk.
