Platform: other
Component: reyee-os
Fixed in: 2.320.x
CVE-2024-48874 is a critical vulnerability affecting Ruijie Reyee OS versions 2.206.x through 2.320.x. This flaw allows attackers to manipulate the proxy server, forcing it to execute arbitrary requests. The impact includes potential access to internal services and Ruijie's internal cloud infrastructure via AWS metadata, posing a significant security risk. A fix is available in version 2.320.x.
The vulnerability's impact is severe due to the ability to force arbitrary requests. An attacker could leverage this to bypass security controls and gain unauthorized access to internal resources. Specifically, the ability to access AWS cloud metadata services poses a significant risk, potentially exposing sensitive configuration data, credentials, and other information stored within Ruijie's internal cloud environment. This could lead to data breaches, system compromise, and further lateral movement within the network. The scope of the impact extends beyond the Reyee OS device itself, potentially affecting any systems or services accessible through the compromised proxy server.
CVE-2024-48874 was publicly disclosed on December 6, 2024. The vulnerability's criticality (CVSS 9.8) and potential for broad impact suggest a high probability of exploitation. While no public proof-of-concept (PoC) has been released at the time of writing, the ease of exploitation implied by the description raises concerns about potential exploitation in the wild. Monitor security advisories and threat intelligence feeds for updates.
Organizations utilizing Ruijie Reyee OS in their network infrastructure are at risk, particularly those relying on the proxy server for internet access and internal service routing. Environments with sensitive data or critical internal services are especially vulnerable. Shared hosting environments using Ruijie Reyee OS may also be affected, as the proxy server is a shared resource.
• windows / supply-chain: Monitor PowerShell execution for unusual proxy-related commands. Check scheduled tasks for suspicious proxy configurations.
• linux / server: Examine journalctl logs for proxy errors or unusual outbound requests. Use ss or lsof to identify processes making unexpected connections through the proxy.
• generic web: Monitor access and error logs for requests to unusual or unexpected destinations. Check response headers for signs of proxy manipulation.
EPSS: 0.09% (26th percentile)
The primary mitigation for CVE-2024-48874 is to upgrade Ruijie Reyee OS to version 2.320.x or later. If immediate upgrading is not feasible, consider implementing temporary workarounds. These might include restricting outbound proxy connections to only trusted destinations, implementing stricter access controls on internal services, and monitoring proxy server logs for suspicious activity. Network segmentation can also limit the blast radius of a potential compromise. After upgrading, verify the fix by attempting to trigger the arbitrary request vulnerability and confirming that it is no longer exploitable.
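As an added example (not code from Ruijie or from this advisory), the proxy log monitoring suggested above can be sketched as a scan for proxied requests whose destination is a link-local, loopback or private address. The five-field log format and the sample lines are constructed for illustration; the actual Reyee proxy log format is not described on this page.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample log. Assumed format: timestamp client method url status
SAMPLE_LOG = """\
2024-12-06T10:00:01Z 203.0.113.7 GET http://updates.example.com/fw.bin 200
2024-12-06T10:00:05Z 203.0.113.7 GET http://169.254.169.254/ 200
2024-12-06T10:00:09Z 198.51.100.23 GET http://10.0.4.12:8080/admin 403
2024-12-06T10:00:12Z 198.51.100.23 GET http://127.0.0.1:9000/status 200
2024-12-06T10:00:15Z 203.0.113.7 GET https://cdn.example.net/app.js 200
"""

def classify_destination(url):
    """Return why a proxied URL targets an internal destination, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # DNS name: a real deployment should resolve and re-check
    # Link-local is tested first because is_private is also true for it.
    if ip.is_link_local:
        return "link-local (cloud metadata range)"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private range"
    return None

def find_internal_requests(log_text):
    """Return (timestamp, client, url, reason) for each flagged log line."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, url, _status = fields
        reason = classify_destination(url)
        if reason:
            findings.append((ts, client, url, reason))
    return findings

if __name__ == "__main__":
    for finding in find_internal_requests(SAMPLE_LOG):
        print(*finding)
```

The same classification can back an egress allow-list on the proxy host, so that requests to these ranges are refused rather than only reported.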
Upgrade Reyee OS to version 2.320.x or later. This fixes the Server-Side Request Forgery (SSRF) vulnerability that allows attackers to access internal services. See the vendor's security advisory for detailed upgrade instructions.
CVE-2024-48874 is a critical vulnerability in Ruijie Reyee OS allowing attackers to force proxy servers to perform arbitrary requests, potentially accessing internal services and AWS metadata.
You are affected if you are running Ruijie Reyee OS versions 2.206.0–2.320.x. Upgrade to 2.320.x to resolve the issue.
Upgrade Ruijie Reyee OS to version 2.320.x or later. Consider temporary workarounds like restricting outbound proxy connections if an immediate upgrade is not possible.
As of now, there are no publicly available proof-of-concept exploits, but the high severity score suggests a potential for exploitation. Monitor security advisories.
Refer to the official Ruijie security advisory for detailed information and updates regarding CVE-2024-48874.