Palo Alto Networks产品安全团队对CUPS相关漏洞进行评估，其产品和云服务未受影响，无需软件更新，可通过创建安全策略规则来阻断CUPS流量。

🎯Palo Alto Networks产品安全保障团队对多个CUPS相关漏洞进行了评估，涉及多种产品，但这些产品未包含受影响的CUPS相关软件包，不会受到这些漏洞的影响。

🚫目前Palo Alto Networks未发现有针对此问题的恶意利用情况，且此时不需要软件更新。

🛡️若客户决定阻断CUPS流量，可创建针对'cups'应用的安全策略规则，具体可参考相关文档信息。

Palo Alto Networks Security Advisories /CVE-2024-47076CVE-2024-47076 Informational: No Impact of CUPS Vulnerabilities on Palo Alto Networks ProductsInformationalNVDJSON Published2024-09-26 Updated2024-09-26ReferenceDescriptionThe Palo Alto Networks Product Security Assurance team has evaluated CVE-2024-47076, CVE-2024-47177, CVE-2024-47175, and CVE-2024-47176 in the Common UNIX Printing System (CUPS) as they relate to our products.Based on current information, Palo Alto Networks products and cloud services do not contain affected CUPS-related software packages and are not impacted by these issues.CVESummaryCVE-2024-47076The listed products do not contain affected CUPS-related software packages and are not impacted by this issue.CVE-2024-47177The listed products do not contain affected CUPS-related software packages and are not impacted by this issue.CVE-2024-47175The listed products do not contain affected CUPS-related software packages and are not impacted by this issue.CVE-2024-47176The listed products do not contain affected CUPS-related software packages and are not impacted by this issue.Product StatusVersionsAffectedUnaffectedCloud NGFW NoneAllCortex XDR NoneAllCortex XDR Agent NoneAllCortex XSIAM NoneAllCortex XSOAR NoneAllGlobalProtect App NoneAllPAN-OS NoneAllPrisma Access NoneAllPrisma Access Browser NoneAllPrisma Cloud NoneAllPrisma Cloud Compute NoneAllPrisma SD-WAN NoneAllExploitation StatusPalo Alto Networks is not aware of any malicious exploitation of this issue.Weakness TypeCWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')SolutionNo software updates are required at this time.Workarounds and MitigationsCustomers who decide to block CUPS traffic can create a Security policy rule (Policies > Security) that targets the "cups" application. Refer to the information about creating Security policy rules: https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-admin/policy/security-policy/create-a-security-policy-ruleAcknowledgmentsPalo Alto Networks thanks Simone Margaritelli (@evilsocket) for discovering and reporting this vulnerability.Palo Alto Networks thanks CERT/CC for coordinating the disclosure of this vulnerability.Timeline2024-09-26Initial publication