CVE-2024-47177
OpenPrinting CUPS vulnerability analysis and mitigation

Overview

CUPS is a standards-based, open-source printing system, and cups-filters provides backends, filters, and other software for CUPS 2.x to use on non-macOS systems. Any value passed to the FoomaticRIPCommandLine directive via a PPD file is executed as a user-controlled command. When combined with the other logic bugs described in CVE-2024-47176, this can lead to remote command execution (NVD, GitHub Advisory).

Technical details

The vulnerability exists in cups-filters version 2.0.1 and earlier. The issue stems from the lack of validation of the FoomaticRIPCommandLine directive in PPD files, which allows arbitrary command execution. The vulnerability has been assigned a CVSS v3.1 base score of 9.0 CRITICAL (Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) (NVD).

Impact

An unauthenticated remote attacker can achieve remote command execution when combined with other vulnerabilities (CVE-2024-47076, CVE-2024-47175, and CVE-2024-47176). This could lead to theft of sensitive data and damage to critical production systems (Red Hat Blog).

Mitigation and workarounds

The primary mitigation is to stop and disable the cups-browsed service if printing is not needed: run sudo systemctl stop cups-browsed followed by sudo systemctl disable cups-browsed. Administrators should first check whether cups-browsed is running with sudo systemctl status cups-browsed. If the service must keep running, ensure that the 'BrowseRemoteProtocols' directive in /etc/cups/cups-browsed.conf does not contain the value 'cups' (Red Hat Blog).
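The configuration check from the mitigation above, as an added example that is not part of the Wiz page, CUPS, or cups-filters: a small POSIX shell audit that reports whether a cups-browsed.conf still lists 'cups' under BrowseRemoteProtocols and, on systemd hosts, whether the service is active. It assumes the stock directive syntax ("BrowseRemoteProtocols <proto> [<proto> ...]", '#' starting a comment) and uses constructed sample files rather than a real system configuration.

```shell
#!/bin/sh
# Added example (not from the Wiz page, CUPS, or cups-filters): audit a
# cups-browsed.conf for the weak setting described in the text. Assumes the
# directive syntax "BrowseRemoteProtocols <proto> [<proto> ...]" and that
# '#' begins a comment, as in the shipped configuration file.

# Prints one of: weak | ok | missing | unreadable. Returns 1 for weak,
# 0 for ok, 2 otherwise. A missing directive is reported separately so the
# administrator can confirm the build's compiled-in default (assumption:
# absence may still enable 'cups', so it is flagged for review, not passed).
check_browse_protocols() {
  conf="$1"
  [ -r "$conf" ] || { echo unreadable; return 2; }
  # Strip comments, keep the last BrowseRemoteProtocols line (directive
  # name matched case-insensitively), and emit only its values.
  protos=$(sed 's/#.*//' "$conf" | awk '
    tolower($1) == "browseremoteprotocols" { $1 = ""; line = $0; found = 1 }
    END { if (found) print line; else print "__MISSING__" }')
  [ "$protos" = "__MISSING__" ] && { echo missing; return 2; }
  for p in $protos; do
    case "$p" in
      [Cc][Uu][Pp][Ss]) echo weak; return 1 ;;
    esac
  done
  echo ok
  return 0
}

# Constructed sample configurations for demonstration only; these are not
# real system files. Prints the temporary directory that holds them.
make_samples() {
  dir=$(mktemp -d)
  printf '# constructed sample: weak setting\nBrowseRemoteProtocols dnssd cups\n' > "$dir/weak.conf"
  printf '# constructed sample: cups removed\nBrowseRemoteProtocols dnssd\n' > "$dir/hardened.conf"
  printf '# constructed sample: no browse protocol directive\n' > "$dir/nodirective.conf"
  echo "$dir"
}

# Live-host check: service state first (systemd only), then the config.
# Returns 0 when the mitigation is in place (service not running, or 'cups'
# absent from the remote browse protocols), 1 otherwise.
audit() {
  conf="${1:-/etc/cups/cups-browsed.conf}"
  if command -v systemctl >/dev/null 2>&1 && ! systemctl is-active --quiet cups-browsed; then
    echo "OK: cups-browsed is not running"
    return 0
  fi
  status=$(check_browse_protocols "$conf")
  case "$status" in
    ok)   echo "OK: $conf does not enable the 'cups' browse protocol"; return 0 ;;
    weak) echo "WEAK: $conf lists 'cups' in BrowseRemoteProtocols; remove it or stop/disable cups-browsed"; return 1 ;;
    *)    echo "REVIEW: $conf is $status; confirm the effective BrowseRemoteProtocols value"; return 1 ;;
  esac
}

# Run directly with: RUN_AUDIT=1 sh audit-cups-browsed.sh [config-path]
if [ "${RUN_AUDIT:-0}" = 1 ]; then
  audit "$@"
fi
```

The parser keeps only the last BrowseRemoteProtocols line because a later directive overrides an earlier one in most line-oriented configuration formats; if a site's file repeats the directive, review the whole file by hand. The "missing" result is deliberately not treated as safe, since the check cannot see the daemon's compiled-in default.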

Community reactions

Red Hat has rated these issues with a severity impact of Important, noting that while all versions of RHEL are affected, the affected packages are not vulnerable in their default configuration. Ubuntu has marked this CVE as 'Ignored' because it is mitigated by the fixes for the related CVEs, and the cups-filters developers have no plans to address this specific CVE (Ubuntu Security, Red Hat Blog).

This report was generated using AI.
