New scanner discovered Linux, UNIX to CUPS RCE attacks

A new scanner has been released to help security professionals identify devices vulnerable to the Common Unix Printing System (CUPS) remote code execution (RCE) flaw. The flaw, tracked as CVE-2024-47176, allows attackers to execute code remotely if certain conditions are met. The scanner, created by cybersecurity researcher Marcus Hutchins, works by sending a custom UDP packet to devices on a network and identifying those that respond with an HTTP callback. This allows administrators to quickly identify vulnerable devices and take action to mitigate the risk. The article also highlights that the vulnerability can be exploited for distributed denial of service (DDoS) attacks, as it can amplify traffic by a factor of 600.