SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER OpenPrinting CUPS cups-filters foomatic-rip remote code execution attempt
This rule looks for an attempt to inject a FoomaticRIPCommandLine into the foomatic-rip driver on a CUPS server, described in CVE-2024-47177.
This rule triggers on attempts to exploit a remote code execution vulnerability in OpenPrinting CUPS servers.
Attacks/Scans seen in the wild
No known false positives
Cisco Talos Intelligence Group
Rule Categories::Server::Other
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
Command Injection
Command Injection attacks target applications that allow unsafe user-supplied input. Attackers transmit this input via forms, cookies, HTTP headers, etc. and exploit the applications permissions to execute system commands without injecting code.
CVE-2024-47177 |
Loading description
|