Critical Linux RCE Vulnerability in CUPS — What We Know and How to Prepare

Summary:
Akamai has reported a critical remote code execution (RCE) vulnerability in CUPS (Common Unix Printing System), which impacts Unix-like systems. While severe, exploitation requires a threat actor to chain together four vulnerabilities: CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177.

Successful exploitation of this vulnerability allows an attacker to remotely execute code in a victim environment.

Security Officer Comments:
CUPS is widely deployed in Unix/Linux environments. It is often used in corporate environments for centralized printing, and some cloud instances also use CUPS for virtualized printing.

Linux Distributions using CUPS:

  • Red Hat/Fedora
  • Ubuntu/Debian
  • SUSE

Suggested Corrections:
Akamai recommends identifying CUPS use, assessing internet exposure via Shodan, and implementing network segmentation to limit the blast radius. They advise creating a DMZ for internet-facing servers and segmenting application servers based on their specific traffic needs. The vulnerability isn't public, but they suggest mapping Linux machines and segmentation policies now to prepare.
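
One way to carry out the "identify CUPS use" step on a single Linux host, as an added example that is not taken from Akamai's guidance or the original page. It classifies sockets bound to port 631 as loopback-only or exposed, run here on constructed `ss -H -lntu` output; the port number (the IANA-registered IPP port that CUPS uses by default) and the function names are assumptions not stated above.

```shell
#!/bin/sh
# Added example: flag CUPS/IPP listeners that are reachable beyond loopback.
# Assumption: CUPS uses the IANA-registered IPP port 631 (not stated on the page).
CUPS_PORT=631

# Constructed sample of `ss -H -lntu` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:631        0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*
tcp   LISTEN 0      128            [::1]:631           [::]:*
tcp   LISTEN 0      4096               *:631              *:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
EOF
}

# Reads `ss -H -lntu` lines on stdin; prints "<proto> <address> <scope>"
# for every socket bound to CUPS_PORT. scope is "loopback" or "exposed".
classify_listeners() {
    awk -v port="$CUPS_PORT" '
    {
        laddr = $5
        # Split at the final ":<digits>" so IPv6 addresses stay intact.
        if (!match(laddr, /:[0-9]+$/)) next
        addr = substr(laddr, 1, RSTART - 1)
        if (substr(laddr, RSTART + 1) != port) next
        scope = "exposed"
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") scope = "loopback"
        print $1, addr, scope
    }'
}

# Default: run on the constructed sample. Pass --live to inspect this host.
if [ "${1:-}" = "--live" ]; then
    ss -H -lntu | classify_listeners
else
    sample_ss_output | classify_listeners
fi
```

Any socket reported as exposed is a candidate for the segmentation mapping described above.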

Link(s):
https://www.akamai.com/blog/security-research/guidance-on-critical-cups-rce