BleepingComputer reports that vulnerable Linux and UNIX servers impacted by the Common Unix Printing System remote code execution bug, tracked as CVE-2024-47176, could be discovered using a new automated scanner developed by cybersecurity researcher Marcus Hitchins, also known as MalwareTech.
After establishing an HTTP server on the scanning machine to observe incoming HTTP requests from network devices, the automated scanner proceeds to deliver a custom UDP packet to every IP address in range instructing request delivery from CUPS instances, with the ones responding then designated as vulnerable, according to Hitchins. Such a scanner also provides results in a pair of logs, the first of which details the responding devices' IP addresses and CUPS version while the other contains raw HTTP requests given to the callback server. Such a development comes after the vulnerability was discovered by Akamai to be potentially leveraged in significantly amplified distributed denial-of-service attacks.
