Platform: nginx
Component: nginx-ui
Fixed in: 2.0.1
CVE-2024-23827 is a critical vulnerability affecting Nginx-UI versions up to 2.0.0.beta.12. This vulnerability allows for arbitrary file access, enabling attackers to write files to the system. Exploitation can lead to remote code execution by overwriting the app.ini configuration file. A fix was released in version 2.0.0.beta.12.
The Import Certificate feature in Nginx-UI lacks proper input validation, allowing attackers to bypass intended security checks. By providing malicious input that isn't a valid certificate or key, an attacker can specify arbitrary file paths for writing. This directly allows for overwriting critical configuration files, such as app.ini. Successful exploitation grants the attacker the ability to execute arbitrary code on the server, effectively compromising the entire Nginx-UI instance and potentially the underlying system. The impact is severe, as it can lead to complete system takeover.
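The missing validation described above can be closed with two checks before anything is written: the uploaded body must actually parse as an X.509 certificate, and the destination must be confined to the certificate directory. The following Go example is added here and is not Nginx-UI's own code; ValidateImport, ConfinePath, SelfSignedPEM and the base directory /var/lib/nginx-ui/certs are assumed names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"path/filepath"
	"strings"
	"time"
)

var ErrNotCertificate = errors.New("body is not a PEM-encoded X.509 certificate")
var ErrPathEscapes = errors.New("target is absolute or escapes the certificate directory")

// ValidateImport is a hypothetical import check (not Nginx-UI's own code): the upload is
// accepted only if it parses as an X.509 certificate AND its target stays inside baseDir.
func ValidateImport(baseDir, body, target string) (string, error) {
	block, _ := pem.Decode([]byte(body))
	if block == nil || block.Type != "CERTIFICATE" {
		return "", ErrNotCertificate // e.g. an INI file posted as the "certificate"
	}
	if _, err := x509.ParseCertificate(block.Bytes); err != nil {
		return "", ErrNotCertificate // a CERTIFICATE header wrapped around arbitrary bytes
	}
	return ConfinePath(baseDir, target)
}

// ConfinePath rejects absolute targets and any "../" traversal that would leave baseDir.
func ConfinePath(baseDir, target string) (string, error) {
	full := filepath.Join(baseDir, target) // Join cleans "." and ".." components
	rel, err := filepath.Rel(baseDir, full)
	if filepath.IsAbs(target) || err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrPathEscapes
	}
	return full, nil
}

// SelfSignedPEM builds a throwaway self-signed certificate as constructed valid input.
func SelfSignedPEM() string {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}
```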
This vulnerability has been publicly disclosed and is considered critical due to the potential for remote code execution. While no active exploitation campaigns have been publicly reported as of this writing, the ease of exploitation and the critical nature of the vulnerability suggest a high probability of exploitation. No KEV listing exists at the time of this writing. Public proof-of-concept exploits are likely to emerge.
Organizations using Nginx-UI to manage their Nginx configurations are at risk, particularly those running older versions (≤ 2.0.0.beta.12). Shared hosting environments where multiple users have access to the Nginx-UI interface are especially vulnerable, as a compromised user account could be leveraged to exploit this vulnerability.
• linux / server: Monitor Nginx access logs for requests to the /import-certificate endpoint with unusual file paths in the POST data. Use grep to search for patterns like /etc/nginx/ or /var/www/.
  grep 'import-certificate.*/etc/nginx/' access.log
• generic web: Use curl to test the import-certificate endpoint with a crafted payload containing an absolute path. Check the response for any signs of file creation or modification.
  curl -X POST -d 'certificate=evil.txt;/etc/nginx/nginx.conf' http://your-nginx-ui/import-certificate
• nginx: Examine the Nginx configuration for any unusual directives or modifications that might indicate a successful exploit. Use nginx -T to test the configuration and identify potential issues.
Exploit status: disclosure
EPSS: 2.96% (86th percentile)
CVSS vector
The primary mitigation for CVE-2024-23827 is to immediately upgrade Nginx-UI to version 2.0.0.beta.12 or later. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests to the Import Certificate endpoint with suspicious file paths. Additionally, restrict write access to the Nginx-UI installation directory to only the necessary user accounts. After upgrading, verify the fix by attempting to import a malformed certificate file and confirming that the write operation is denied.
Update Nginx-UI to version 2.0.0.beta.12 or later. This version fixes the arbitrary file write vulnerability. The update can be performed by downloading the new version from the official repository and replacing the existing files.
CVE-2024-23827 is a critical vulnerability in Nginx-UI versions up to 2.0.0.beta.12 that allows attackers to write arbitrary files, potentially leading to remote code execution.
You are affected if you are using Nginx-UI versions 2.0.0.beta.12 or earlier. Upgrade to 2.0.0.beta.12 to resolve the issue.
Upgrade Nginx-UI to version 2.0.0.beta.12 or later. As a temporary workaround, implement a WAF rule to block suspicious requests to the import certificate endpoint.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the Nginx-UI project's repository or website for the official advisory and release notes regarding this vulnerability.