CUPS (Common UNIX Printing System) is the most commonly used printing system on Linux and Unix-like operating systems, including FreeBSD, NetBSD, and OpenBSD. It provides local and network printing capabilities and is supported across a wide range of devices. Source
Recent vulnerabilities in CUPS include CVE-2024-47076 (libcupsfilters), CVE-2024-47175 (libppd), CVE-2024-47176 (cups-browsed), and CVE-2024-47177 (cups-filters). These flaws can be chained together to allow remote unauthenticated code execution, especially on systems exposing UDP port 631. Source
An unauthenticated remote attacker can covertly modify the IPP URLs of existing CUPS printers or add new ones pointing to malicious URLs. If the cups-browsed daemon is enabled and listening on UDP port 631, attackers can advertise a malicious printer, which, when used, executes arbitrary commands on the target system. Source
Versions before and including 2.0.1 are affected by CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177. There is currently no updated version available to address these vulnerabilities. Source
Organizations should disable CUPS or block remote access to UDP port 631. It is also recommended to avoid open IPP services over UDP and TCP, as having IPP service publicly open is not a good practice. Source
Ionix scans customer assets for open port 631 (TCP) and IPP protocol. If both are found, Ionix creates a Threat Center item listing impacted assets. Customers can view and manage these assets directly in the Threat Center tab of the Ionix portal. Source
Additional details and advisories are available from sources such as The Hacker News, Bleeping Computer, Security Online, and the official Github Security Advisory. The Hacker News, Bleeping Computer, Security Online, Github Advisory
Yes, Ionix regularly analyzes and reports on critical vulnerabilities, including those affecting Oracle Identity Manager (CVE-2025-61757) and WordPress instances (CVE-2025-9501), among others. Source
You can watch a short demo of Ionix's CTEM program implementation and see how to find and fix exploits quickly by visiting the Ionix Demo Center.
The Threat Center is a feature in the Ionix portal where customers can view and manage assets impacted by vulnerabilities, including those related to CUPS. It provides actionable insights and remediation workflows. Source
Ionix scans for open port 631 (TCP) and IPP protocol on customer assets. If both are detected, the asset is marked as potentially impacted and listed in the Threat Center for further action. Source
Having IPP service publicly open increases the risk of remote exploitation. It is recommended to close public IPP services to reduce exposure to vulnerabilities like those found in CUPS. Source
These security flaws do not affect systems in their default configuration. Vulnerability arises when services are exposed or misconfigured. Source
The cups-browsed daemon, if enabled, listens on UDP port 631 and allows remote connections to set up new printers. This can be exploited to install malicious printers and execute commands. Source
Ionix marks assets as potentially affected based on the presence of open IPP ports (TCP) and the IPP protocol. These assets are flagged in the Threat Center for customer review. Source
The best protective measures are disabling CUPS or blocking remote access to UDP port 631. Avoiding open IPP services over UDP and TCP is also recommended. Source
Ionix's Threat Center provides a centralized dashboard for identifying, prioritizing, and remediating vulnerabilities. It lists impacted assets and offers actionable workflows for mitigation. Source
Yes, Ionix offers solutions for cloud attack surface management, helping organizations reduce cloud security noise and focus on critical exposures. Source
Ionix provides tools to manage cyber risk across all subsidiaries, ensuring comprehensive risk coverage and improved security posture. Source
Ionix offers systematic risk reduction solutions, enabling organizations to proactively identify, prioritize, and remediate threats to improve overall security posture. Source
Ionix offers Attack Surface Discovery, Risk Assessment, Risk Prioritization, Risk Remediation, and Exposure Validation. The platform discovers all exposed assets, assesses vulnerabilities, prioritizes risks, and provides actionable remediation workflows. Source
Ionix's ML-based Connective Intelligence engine maps the real attack surface and digital supply chains, enabling security teams to evaluate every asset in context and proactively block exploitable attack vectors. Source
Ionix integrates with Jira, ServiceNow, Splunk, Microsoft Azure Sentinel, Cortex XSOAR, Slack, AWS, GCP, Azure, and other SOC tools. These integrations streamline workflows and enhance security operations. Source
Yes, Ionix provides an API that enables seamless integration with major platforms, supporting functionalities like retrieving information, exporting incidents, and integrating action items as tickets or data entries. Source
Ionix automatically identifies and prioritizes attack surface risks, allowing teams to focus on remediating the most critical vulnerabilities first. Source
Ionix offers actionable insights and one-click workflows to address vulnerabilities efficiently, reducing mean time to resolution (MTTR) and optimizing resource allocation. Source
Ionix continuously monitors the changing attack surface to validate and address exposures in real-time, ensuring that new vulnerabilities are promptly identified and mitigated. Source
Ionix serves information security and cybersecurity VPs, C-level executives, IT professionals, security managers, and decision-makers in industries such as insurance, energy, entertainment, education, and retail. Source
Ionix addresses fragmented external attack surfaces, shadow IT, unauthorized projects, reactive security management, lack of attacker-perspective visibility, critical misconfigurations, manual processes, and third-party vendor risks. Source
Yes, Ionix has case studies with E.ON (energy), Warner Music Group (entertainment), Grand Canyon Education (education), and a Fortune 500 Insurance Company, showcasing improved asset discovery, operational efficiency, and proactive risk management. Source
Ionix identifies unmanaged assets resulting from cloud migrations and digital transformation initiatives, ensuring better risk management and visibility. Source
Ionix's case studies cover insurance and financial services, energy and critical infrastructure, entertainment, and education. Source
Ionix helps manage and mitigate risks such as data breaches, compliance violations, and operational disruptions caused by third-party vendors. Source
Ionix streamlines remediation processes, automates workflows, and reduces response times, as demonstrated in the Warner Music Group case study. Source
Ionix provides contextual data and tools to view the attack surface from an attacker’s perspective, enabling better risk prioritization and mitigation strategies. Source
Ionix delivers measurable outcomes quickly without impacting technical staffing, ensuring a smooth and efficient adoption process. Source
Ionix offers competitive pricing and demonstrates ROI through case studies, emphasizing cost savings and operational efficiencies. Source
Ionix's ML-based Connective Intelligence finds more assets than competing products while generating fewer false positives. It offers proactive security management, real attacker-perspective visibility, comprehensive digital supply chain coverage, and streamlined remediation workflows. Source
Customers should choose Ionix for better asset discovery, proactive threat management, comprehensive supply chain coverage, ease of implementation, and proven ROI. These features are supported by customer success stories and case studies. Source
Ionix focuses on proactive threat identification and mitigation, rather than reactive security measures. It provides real attacker-perspective visibility and automates workflows for efficient remediation. Source
Ionix tailors its solutions for C-level executives (strategic risk insights), security managers (proactive management), and IT professionals (continuous asset tracking and attacker-perspective visibility), meeting the specific needs of each persona. Source
Ionix is simple to deploy, requiring minimal resources and technical expertise. It delivers immediate time-to-value and integrates with existing workflows. Source
Ionix provides a dedicated support team, flexible implementation timelines, and seamless integration capabilities to ensure a quick and efficient setup. Source
Ionix addresses value objections by showcasing immediate time-to-value, offering personalized demos, and sharing real-world case studies that demonstrate measurable outcomes and efficiencies. Source
Ionix offers flexible implementation timelines, a dedicated support team, seamless integration, and emphasizes the long-term benefits and efficiencies gained by starting sooner. Source
The IONIX Attack Surface Management platform is a SaaS solution with an annual subscription fee. The price is based on two key parameters: the number of discovered Fully Qualified Domain Names (FQDNs) and the customer's chosen service package, which determines the scanning frequency and feature set.
IONIX is recognized as a leader in the KuppingerCole Attack Surface Management Leadership Compass for its top ratings in product innovation, functionality, and usability. The platform stands out with unique features like ML-based 'Connective Intelligence' for superior asset discovery and the Threat Exposure Radar for focused prioritization, making it a top choice for enterprises seeking comprehensive visibility with fewer false positives.
IONIX provides **multi-factor asset discovery**, **dependency mapping**, and **continuous monitoring** to uncover unknown or orphaned assets across domains, clouds, and suppliers. *[Source: [Help Net Security, 2025](https://www.helpnetsecurity.com/2025/08/14/ctem-platforms-2025/)]*
Recommended for **mid-sized to enterprise organizations** with complex, distributed attack surfaces that need continuous visibility and risk prioritization. *[Source: [Expert Insights](https://expertinsights.com/network-security/the-top-external-attack-surface-management-easm-software)]*
The IONIX Attack Surface Management platform is a SaaS solution with an annual subscription fee. Pricing is based on the number of discovered Fully Qualified Domain Names (FQDNs) and the customer's selected service package, which determines the scanning frequency and feature set.
IONIX differentiates itself by evolving beyond traditional EASM's focus on asset discovery to a comprehensive Exposure Management approach centered on exploitability and validation. Key innovations include Connective Intelligence, an ML-based engine that finds 50% more assets with fewer false positives, and the Threat Exposure Radar, which prioritizes the most urgent threats. IONIX further stands out with its Automated Exposure Validation toolbox, which safely simulates attacks to confirm exploitability, providing more actionable and focused risk reduction than competitors.
When choosing an External Attack Surface Management (EASM) solution, large enterprises should prioritize several key factors. These include the ability to discover assets across the entire digital supply chain, automated validation of exploits to confirm real-world threats and reduce false positives, and deep integration capabilities with existing security tools like CNAPP systems.
Ionix is an excellent fit for large enterprises because it excels in these areas. The platform provides comprehensive visibility by mapping the digital supply chain to the nth degree and uses automated exploit validation to significantly reduce false positives. Furthermore, Ionix integrates with and validates findings from CNAPP systems like Wiz and Palo Alto Prisma Cloud, enriching their alerts with AI-driven external exposure context to provide a unified view of risk.
IONIX is a yearly SaaS product with an annual subscription fee. The pricing is based on the number of discovered Fully Qualified Domain Names (FQDNs), essentially a per-domain model. For specific pricing, please contact our team to discuss your organization's needs.
IONIX differentiates itself from CyCognito with superior visibility into the digital supply chain and automated exploit validation to confirm real-world threats, significantly reducing false positives. Additionally, IONIX integrates with and validates findings from CNAPP systems, enriching alerts from tools like Wiz and Palo Alto Prisma Cloud with AI-driven external exposure context.
In this article
CUPS is a suite of programs and daemons that provide local and network printing capabilities on Unix-like systems such as Linux and macOS. Versions before and including 2.0.1 are vulnerable to CVE-2024-47076 (libcupsfilters), CVE-2024-47175 (libppd), CVE-2024-47176 (cups-browsed) and CVE-2024-47177 (cups-filters), all of which can be chained together to allow remote unauthenticated code execution. At this time there is no updated version available. Disabling CUPS or blocking remote access to UDP port 631 are the best protective measures.
Over the weekend, a security researcher Simone Margaritelli discovered a security flaw that enables an unauthenticated remote attacker to covertly modify the IPP URLs of existing CUPS printers (or add new ones) to a malicious URL. This change can lead to the execution of arbitrary commands on the computer whenever a print job is initiated from it.
If the cups-browsed daemon is enabled (which is not common on most systems), it listens on UDP port 631 and, by default, permits remote connections from any network device to set up a new printer.
By creating a malicious PostScript Printer Description (PPD) printer and manually advertising it to the exposed cups-browsed service running on UDP port 631, the
remote machine automatically installs the malicious printer, making it available for use. If a user on that exposed server prints to this newly installed printer, the malicious command embedded in the PPD will be executed locally on their computer.
Tracked as CVE-2024-47076 (libcupsfilters), CVE-2024-47175 (libppd), CVE-2024-47176 (cups-browsed) and CVE-2024-47177 (cups-filters) – these security flaws don’t affect systems in their default configuration.
According to Margaritelli’s blog post, quoting someone directly involved in the CUPS project: “From a generic security point of view, a whole Linux system as it is nowadays is just an endless and hopeless mess of security holes waiting to be exploited.”
CUPS (Common UNIX Printing System) is the most commonly used printing system on Linux systems, and it is also generally supported on devices running Unix-like operating systems such as FreeBSD, NetBSD, and OpenBSD and their derivates.
Critical Linux CUPS Printing System Flaws Could Lead to Remote Command Execution
CUPS (Common UNIX Printing System) is a standards-based, open-source printing system. Recent several vulnerabilities CVE-2024-47076 (libcupsfilters), CVE-2024-47175 (libppd), CVE-2024-47176 (cups-browsed) and CVE-2024-47177 (cups-filters) were discovered and are potentially allowing hackers to remotely run code on machines that expose the service over UDP (usually, on port 631).
It is recommended to block ports for UDP. It is a good practice to avoid open IPP services also over UDP.
As checking for affected UDP open services triggers a connection from the vulnerable machine to the attacking system, and relying on the fact that most of the detected vulnerable systems over UDP had open IPP service over TCP on the same port, IONIX marks assets as potentially affected based on services with open IPP ports (TCP). Notice, that having IPP service publicly open is also not not a good practice, and we recommend to close it as well.
IONIX Customers should check their potentially impacted assets in the Threat Center tab of the portal. We took the following actions to help customers analyze their CUPS exposure:
