Platform
other
Component
reyee-os
Fixed in
2.320.x
CVE-2024-48874 is a critical vulnerability affecting Ruijie Reyee OS versions 2.206.x through 2.320.x. This flaw allows attackers to manipulate the proxy server, forcing it to execute arbitrary requests. The impact includes potential access to internal services and Ruijie's internal cloud infrastructure via AWS metadata, posing a significant security risk. A fix is available in version 2.320.x.
The vulnerability's impact is severe due to the ability to force the proxy server to perform arbitrary requests. An attacker could leverage this to bypass security controls and gain unauthorized access to internal resources. Specifically, the description highlights the potential to access internal services and Ruijie's internal cloud infrastructure through AWS cloud metadata services. This could lead to data exfiltration, system compromise, and disruption of services. The ability to access AWS metadata services is particularly concerning, as it could provide attackers with credentials and other sensitive information used to further compromise the environment.
CVE-2024-48874 was publicly disclosed on December 6, 2024. The vulnerability's criticality (CVSS 9.8) and potential impact suggest a high probability of exploitation. As of this writing, there are no publicly available proof-of-concept exploits. It is advisable to monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting Ruijie Reyee OS.
Exploit Status
EPSS
0.09% (26% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-48874 is to upgrade Ruijie Reyee OS to version 2.320.x or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting outbound proxy connections to only trusted destinations. Review proxy server configurations to ensure they adhere to the principle of least privilege. Monitor proxy server logs for suspicious activity, particularly requests to unusual or unexpected destinations. While specific WAF rules or Sigma/YARA patterns are not readily available, implementing general rules to detect and block unusual outbound requests can provide an additional layer of defense.
Update Reyee OS to version 2.320.x or higher. This will correct the Server-Side Request Forgery (SSRF) vulnerability that allows attackers to access internal services. See the vendor security advisory for detailed upgrade instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-48874 is a critical vulnerability in Ruijie Reyee OS allowing attackers to force proxy servers to perform arbitrary requests, potentially accessing internal services and AWS metadata.
You are affected if you are running Ruijie Reyee OS versions 2.206.0–2.320.x. Upgrade to 2.320.x to resolve the issue.
Upgrade Ruijie Reyee OS to version 2.320.x or later. Consider temporary workarounds like restricting outbound proxy connections if an immediate upgrade is not possible.
As of now, there are no publicly available proof-of-concept exploits, but the high severity score suggests a potential for exploitation. Monitor security advisories.
Refer to the official Ruijie security advisory for detailed information and updates regarding CVE-2024-48874.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.