Platform
php
Component
rhinos
Fixed in
3.0.1
CVE-2024-5407 is a critical vulnerability affecting RhinOS versions 3.0-1190 through 3.0-1190. This flaw allows for PHP code injection through the 'search' parameter in the /portal/search.htm endpoint. Successful exploitation can grant a remote attacker the ability to execute arbitrary code on the system, potentially compromising the entire infrastructure. The vulnerability has been resolved in RhinOS version 3.0.1.
The impact of CVE-2024-5407 is severe. An attacker exploiting this vulnerability can achieve remote code execution (RCE) on the affected RhinOS system. This means they can execute arbitrary commands with the privileges of the web server user, effectively gaining complete control over the system. This could lead to data theft, modification, or deletion, as well as the installation of malware or the use of the compromised system as a launchpad for further attacks against other systems on the network. The ability to execute a reverse shell is particularly concerning, as it allows the attacker to maintain persistent access to the system even after the initial exploit.
CVE-2024-5407 was publicly disclosed on 2024-05-27. The vulnerability's ease of exploitation, combined with the potential for complete system compromise, suggests a high probability of exploitation. While no public proof-of-concept (PoC) has been widely reported, the simplicity of the injection attack makes it likely that PoCs will emerge. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Exploit Status
EPSS
1.62% (82% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-5407 is to immediately upgrade RhinOS to version 3.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Web Application Firewalls (WAFs) can be configured to block requests containing suspicious PHP code in the 'search' parameter. Input validation on the /portal/search.htm endpoint should be implemented to sanitize user input and prevent the injection of malicious code. Monitor system logs for unusual activity, particularly attempts to execute PHP code from unexpected sources. After upgrading, confirm the vulnerability is resolved by attempting a code injection attack via the /portal/search.htm endpoint and verifying that the request is properly sanitized.
Update RhinOS to a version later than 3.0-1190 that fixes the code injection vulnerability. Refer to the release notes or vendor website for more information about the update. If no patched version is available, consider disabling or restricting access to the search functionality until a fix is released.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-5407 is a critical vulnerability in RhinOS versions 3.0-1190 through 3.0-1190 that allows a remote attacker to inject PHP code via the 'search' parameter, potentially leading to full system compromise.
If you are running RhinOS version 3.0-1190 through 3.0-1190, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
The recommended fix is to upgrade to RhinOS version 3.0.1 or later. Implement WAF rules and input validation as temporary mitigations if immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a high probability of exploitation. Monitor security advisories for updates.
Refer to the RhinOS security advisories page for the latest information and official guidance regarding CVE-2024-5407.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.