CVE-2024-5407 is a critical vulnerability affecting RhinOS version 3.0-1190. This flaw allows for PHP code injection through the 'search' parameter in the /portal/search.htm endpoint. Successful exploitation can grant a remote attacker the ability to execute arbitrary code on the system, potentially compromising the entire infrastructure. The vulnerability has been resolved in RhinOS version 3.0.1.
The impact of CVE-2024-5407 is severe. An attacker exploiting this vulnerability can achieve remote code execution (RCE) on the affected RhinOS system. This means they can execute arbitrary commands with the privileges of the web server user, effectively gaining complete control over the system. This could lead to data theft, modification, or deletion, as well as the installation of malware or the use of the compromised system as a launchpad for further attacks against other systems on the network. The ability to execute a reverse shell is particularly concerning, as it allows the attacker to maintain persistent access to the system even after the initial exploit.
CVE-2024-5407 was publicly disclosed on 2024-05-27. The vulnerability's ease of exploitation, combined with the potential for complete system compromise, suggests a high probability of exploitation. While no public proof-of-concept (PoC) has been widely reported, the simplicity of the injection attack makes it likely that PoCs will emerge. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Organizations utilizing RhinOS in their industrial control systems or other critical infrastructure deployments are particularly at risk. Systems exposed directly to the internet without adequate security controls are also highly vulnerable. Shared hosting environments where multiple users share the same RhinOS instance could allow attackers to compromise multiple tenants through this vulnerability.
• linux / server:
  journalctl -u php-fpm -g 'search.htm' | grep -i 'php://filter'
• generic web:
  curl -I 'http://your-rhinos-server/portal/search.htm?search=php://filter/convert.foo.bar' | grep 'Content-Type'  # Check for unexpected content types
Exploit status
EPSS: 1.62% (82nd percentile)
The primary mitigation for CVE-2024-5407 is to immediately upgrade RhinOS to version 3.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Web Application Firewalls (WAFs) can be configured to block requests containing suspicious PHP code in the 'search' parameter. Input validation on the /portal/search.htm endpoint should be implemented to sanitize user input and prevent the injection of malicious code. Monitor system logs for unusual activity, particularly attempts to execute PHP code from unexpected sources. After upgrading, confirm the vulnerability is resolved by attempting a code injection attack via the /portal/search.htm endpoint and verifying that the request is properly sanitized.
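The log monitoring described above can be automated. The following is an added example, not RhinOS or vendor code: it scans access-log lines for requests to /portal/search.htm whose 'search' value still contains PHP code markers after repeated URL decoding. It assumes Apache/nginx "combined" log format; the indicator patterns are illustrative rather than a complete signature set, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: access logs use the Apache/nginx "combined" format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Illustrative indicators of PHP code in a search term (not exhaustive).
INDICATORS = {
    "php_wrapper": re.compile(r'\b(?:php|data|expect|phar)://', re.I),
    "php_tag": re.compile(r'<\?(?:php|=)', re.I),
    "php_call": re.compile(
        r'\b(?:system|exec|shell_exec|passthru|eval|assert|phpinfo)\s*\(', re.I),
    "interpolation": re.compile(r'\$\{|\{\$'),
}

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (ip, status, indicator names) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != "/portal/search.htm":
        return None
    hits = set()
    # parse_qs decodes once; fully_decode handles any further encoding layers.
    for raw in parse_qs(url.query, keep_blank_values=True).get("search", []):
        text = fully_decode(raw)
        hits.update(n for n, rx in INDICATORS.items() if rx.search(text))
    return (m.group("ip"), int(m.group("status")), sorted(hits)) if hits else None

def scan(lines):
    return [hit for hit in map(scan_line, lines) if hit]

# Constructed sample log lines (not real traffic).
SAMPLE_LINES = [
    '203.0.113.10 - - [27/May/2024:10:00:01 +0000] "GET /portal/search.htm?search=pump+manual HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [27/May/2024:10:02:13 +0000] "GET /portal/search.htm?search=php://filter/convert.foo.bar HTTP/1.1" 200 812 "-" "curl/8.5.0"',
    '198.51.100.7 - - [27/May/2024:10:05:40 +0000] "GET /portal/search.htm?search=%253C%253Fphp%2520phpinfo%2528%2529%253B HTTP/1.1" 200 903 "-" "-"',
    '198.51.100.7 - - [27/May/2024:10:06:02 +0000] "GET /portal/index.htm?search=php://filter HTTP/1.1" 200 400 "-" "-"',
]
```

Only query-string values appear in access logs, so search terms submitted in a POST body need request-body logging or a WAF audit log to be inspected the same way.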
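Update RhinOS to a version later than 3.0-1190 to fix the code injection vulnerability. For details, refer to the release notes or the vendor's website. If a fixed version is not available, consider disabling the search functionality or restricting access to it until a fix is published.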
CVE-2024-5407 is a critical vulnerability in RhinOS version 3.0-1190 that allows a remote attacker to inject PHP code via the 'search' parameter, potentially leading to full system compromise.
If you are running RhinOS version 3.0-1190, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
The recommended fix is to upgrade to RhinOS version 3.0.1 or later. Implement WAF rules and input validation as temporary mitigations if immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a high probability of exploitation. Monitor security advisories for updates.
Refer to the RhinOS security advisories page for the latest information and official guidance regarding CVE-2024-5407.