ISN 2023-09: RCE in CUPS Printing System

First published 07 June 2023

CVSS 3.1: 8.8 (High)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability has been discovered in CUPS Filters, which are shipped with IGEL OS. This affects the following IGEL products:

• IGEL OS 11
• IGEL OS 12

Details

A security vulnerability rated high has been found in CUPS Filters (CVE-2023-24805). When using the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can allow remote code execution (RCE).

Update Instructions

• OS 11: Update to IGEL OS version 11.08.330 or newer.
• OS 12: Update to IGEL OS base system version 12.01.120 (available 12 June 2023)

References

• CVE-2023-24805: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24805