.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
Informational
Advisory: CUPS Vulnerabilities
CVE(N)
CVE-2024-47076
CVE-2024-47175
CVE-2024-47176
CVE-2024-47177
PRODUCT(S)
Cloud Optix
Sophos Central
Sophos Firewall
Sophos RED
Sophos Switch
Sophos UTM
Sophos Wireless
更新日
2024 Sep 27
記事バージョン
1
公開日
2024 Sep 27
公開 ID
sophos-sa-20240926-CUPS
回避策
No
Overview
On Thursday, September 23, 2024, Simone Margaritelli research discovered and reported vulnerabilities in CUPS which could result in unauthenticated Remote Code Execution (RCE). Assigned CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177.
Are Sophos products are affected?
The following products have been reviewed against the CUPS vulnerability:
| Product or Service | Status | Description |
|---|---|---|
| Cloud Optix | Not affected | Component not present |
| SG UTM (all versions) | Not affected | Component not present |
| Sophos Central | Not affected | Component not present |
| Sophos Endpoint Protection (Windows) | Not affected | Component not present |
| Sophos Endpoint Protection (macOS) | Not affected | Component not present |
| Sophos Endpoint Protection (Linux) | Not affected | Component not present |
| Sophos Email | Not affected | Component not present |
| Sophos Firewall (all versions) | Not affected | Component not present |
| SophosConnect Client | Not affected | Component not present |
| Sophos Home (Windows) | Not affected | Component not present |
| Sophos Home (MacOS) | Not affected | Component not present |
| SophosLabs Intelix | Not affected | Component not present |
| Sophos Mobile | Not affected | Component not present |
| Sophos Mobile EAS Proxy | Not affected | Component not present |
| Sophos Mobile Control app (iOS + Android) | Not affected | Component not present |
| Sophos Intercept X for Mobile app (iOS + Android) | Not affected | Component not present |
| Sophos Secure Email app (iOS + Android) | Not affected | Component not present |
| Sophos Secure Workspace app (iOS + Android) | Not affected | Component not present |
| Sophos Chrome Security | Not affected | Component not present |
| Sophos PhishThreat | Not affected | Component not present |
| Sophos RED | Not affected | Component not present |
| Sophos AP/APX (SFOS Managed) | Not affected | Component not present |
| Sophos AP/APX (Central Managed) | Not affected | Component not present |
| Sophos Wireless | Not affected | Component not present |
| Sophos DNS Protection | Not affected | Component not present |
| SUSI | Not affected | Component not present |
| AV Engine (all platforms) | Not affected | Component not present |
Related Information
Sophos Responsible Disclosure Policy
To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.