Platform: nginx
Component: nginx-ui
Fixed in: 2.0.1
CVE-2024-23827 is a critical vulnerability affecting Nginx-UI versions up to 2.0.0.beta.12. It is an arbitrary file write: an attacker can write files to locations of their choosing on the system. Exploitation can lead to remote code execution by overwriting the app.ini configuration file. A fix was released in version 2.0.0.beta.12.
The Import Certificate feature in Nginx-UI lacks proper input validation, so the intended security checks can be bypassed. Because the feature accepts content that is not a valid certificate or key and writes it to a caller-supplied file path, an attacker can target arbitrary files, including critical configuration files such as app.ini. Successful exploitation lets the attacker execute arbitrary code on the server, compromising the entire Nginx-UI instance and potentially the underlying system. The impact is severe, as it can lead to complete system takeover.
This vulnerability has been publicly disclosed and is considered critical due to the potential for remote code execution. While no active exploitation campaigns have been publicly reported as of this writing, the ease of exploitation and the critical nature of the vulnerability suggest a high probability of exploitation. No KEV listing exists at the time of this writing. Public proof-of-concept exploits are likely to emerge.
Exploit Status
EPSS: 2.96% (86th percentile)
CVSS Vector
The primary mitigation for CVE-2024-23827 is to upgrade Nginx-UI to version 2.0.0.beta.12 or later immediately. If upgrading is not immediately feasible, consider a Web Application Firewall (WAF) rule that blocks requests to the Import Certificate endpoint carrying suspicious file paths. Additionally, restrict write access to the Nginx-UI installation directory to the user accounts that need it. After upgrading, verify the fix by attempting to import a malformed certificate file and confirming that the write operation is denied.
Update Nginx-UI to version 2.0.0.beta.12 or higher. This version fixes the arbitrary file write vulnerability. The update can be performed by downloading the new version from the official repository and replacing the existing files.
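The root cause described above is a missing check on two things: whether the uploaded content is really a certificate or key, and whether the destination path stays inside the directory the feature is meant to manage. The following Go program is an added illustration of how an import handler can enforce both checks; it is not Nginx-UI's code, and the names `ValidatePEM`, `SafeDestination`, `ImportCertificate` and `NewSelfSignedCertPEM` are assumptions made for this example. The self-signed certificate it generates is constructed sample input so the program runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"strings"
	"time"
)

var (
	ErrInvalidPEM  = errors.New("content is not a PEM certificate or private key")
	ErrPathOutside = errors.New("destination resolves outside the certificate directory")
)

// ValidatePEM accepts data only if it parses as an X.509 certificate or a
// PKCS#1, PKCS#8 or SEC 1 (EC) private key. Anything else, including an INI
// file disguised with a .crt name, is rejected before any write happens.
func ValidatePEM(data []byte) error {
	block, _ := pem.Decode(data)
	if block == nil {
		return ErrInvalidPEM
	}
	var err error
	switch block.Type {
	case "CERTIFICATE":
		_, err = x509.ParseCertificate(block.Bytes)
	case "PRIVATE KEY":
		_, err = x509.ParsePKCS8PrivateKey(block.Bytes)
	case "RSA PRIVATE KEY":
		_, err = x509.ParsePKCS1PrivateKey(block.Bytes)
	case "EC PRIVATE KEY":
		_, err = x509.ParseECPrivateKey(block.Bytes)
	default:
		return ErrInvalidPEM
	}
	if err != nil {
		return ErrInvalidPEM
	}
	return nil
}

// SafeDestination joins a caller-supplied name onto baseDir and refuses any
// result that escapes baseDir (absolute names, ".." traversal, the directory itself).
func SafeDestination(baseDir, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) {
		return "", ErrPathOutside
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	dest := filepath.Join(base, name) // Join cleans ".." segments
	rel, err := filepath.Rel(base, dest)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrPathOutside
	}
	return dest, nil
}

// ImportCertificate is the hardened import step: validate content first, then
// confine the path, then write with owner-only permissions. It returns the path written.
func ImportCertificate(baseDir, name string, data []byte) (string, error) {
	if err := ValidatePEM(data); err != nil {
		return "", err
	}
	dest, err := SafeDestination(baseDir, name)
	if err != nil {
		return "", err
	}
	if err := os.WriteFile(dest, data, 0o600); err != nil {
		return "", err
	}
	return dest, nil
}

// NewSelfSignedCertPEM builds a throwaway self-signed certificate and its EC key
// (constructed sample input for this example) and returns both as PEM.
func NewSelfSignedCertPEM() (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "certs")
	defer os.RemoveAll(dir)
	certPEM, _, _ := NewSelfSignedCertPEM()
	fmt.Println(ImportCertificate(dir, "site.crt", certPEM))                   // written
	fmt.Println(ImportCertificate(dir, "../app.ini", certPEM))                 // ErrPathOutside
	fmt.Println(ImportCertificate(dir, "site.crt", []byte("[app]\nx = 1\n"))) // ErrInvalidPEM
}
```

Either check alone would have stopped the overwrite the advisory describes; applying both means a valid certificate still cannot land outside the certificate directory, and non-certificate content never reaches the filesystem at all.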
CVE-2024-23827 is a critical vulnerability in Nginx-UI versions up to 2.0.0.beta.12 that allows attackers to write arbitrary files, potentially leading to remote code execution.
You are affected if you are using Nginx-UI versions 2.0.0.beta.12 or earlier. Upgrade to 2.0.0.beta.12 to resolve the issue.
Upgrade Nginx-UI to version 2.0.0.beta.12 or later. As a temporary workaround, implement a WAF rule to block suspicious requests to the import certificate endpoint.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the Nginx-UI project's repository or website for the official advisory and release notes regarding this vulnerability.