CVE-2024-42366 describes a critical Remote Code Execution (RCE) vulnerability discovered in VRCX, an assistant application for VRChat. This flaw allows attackers to potentially execute arbitrary commands on vulnerable systems by exploiting a misconfigured CefSharp browser and cross-site scripting via overlay notifications. The vulnerability affects VRCX versions prior to 2024.03.23, and a patch is available in version 2023.12.24, alongside API-side blocking of older versions.
The impact of CVE-2024-42366 is severe. A successful exploit allows an attacker to achieve remote code execution on a user's machine running a vulnerable version of VRCX. This could lead to complete system compromise, including data theft, malware installation, and further lateral movement within the network. The combination of CefSharp's over-permissions and the ability to inject cross-site scripting payloads creates a potent attack vector. While the VRC team has implemented API-side blocking to prevent older versions from functioning, users who haven't updated are still at risk if they somehow manage to run the outdated application.
CVE-2024-42366 was publicly disclosed on August 8, 2024. The vulnerability's severity is classified as CRITICAL (CVSS 9.1). Public proof-of-concept exploits are not yet widely available, but the combination of over-permissions and XSS makes exploitation likely. It is not currently listed on CISA KEV, but its critical severity warrants monitoring. Active campaigns are not currently confirmed, but the ease of exploitation could lead to opportunistic attacks.
Users of VRCX who have not updated to version 2023.12.24 are at significant risk. This includes users who rely on older VRCX versions for specific VRChat functionalities or those who haven't applied updates due to compatibility concerns. Shared hosting environments where VRCX is installed could also expose multiple users to this vulnerability.
Detection checks (Windows, supply-chain category):

- Is VRCX currently running?
  `Get-Process | Where-Object {$_.ProcessName -eq "VRCX"}`
- Which version is recorded in the registry?
  `Get-ItemProperty -Path 'HKLM:\Software\VRCX' -Name Version`
- Recent VRCX entries in the Application event log:
  `Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='VRCX']]]" -MaxEvents 10`
EPSS: 2.68% (86th percentile)
The primary mitigation for CVE-2024-42366 is to immediately upgrade VRCX to version 2023.12.24 or later. The VRC team has also implemented API-side blocking to prevent older versions from connecting, which provides an additional layer of protection. If upgrading is temporarily impossible, consider isolating vulnerable systems from external networks to limit potential attack vectors. While a WAF or proxy cannot directly address this vulnerability, it can help mitigate the risk of cross-site scripting attacks. After upgrading, confirm the fix by verifying the VRCX version and attempting to access VRChat to ensure the API-side blocking is functioning as expected.
Update VRCX to version 2023.12.24 or later. The update fixes the cross-site scripting and excessive-permission vulnerabilities that allow remote command execution. If you are running an earlier version, you must update to continue using VRCX.
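The detection commands and the "confirm the fix by verifying the VRCX version" step above can be combined into one check. The script below is an added example, not code from the advisory or from the VRCX project: it reuses the page's process query and registry path (`HKLM:\Software\VRCX`, value `Version`), assumes that value holds a dotted version string, and falls back to the running executable's file version when the registry value is missing. The fixed version it compares against is the one this page states (2023.12.24); adjust `$FixedVersion` if the vendor advisory gives a different number.

```powershell
# Added example: report whether a vulnerable VRCX build is installed or running.
# Not part of the original advisory; registry path/value name taken from the page,
# version comparison and file-version fallback are assumptions of this example.
$FixedVersion = [version]'2023.12.24'   # fixed version as stated on this page

function Get-VrcxExposure {
    $status = [ordered]@{
        Running          = $false
        InstalledVersion = $null
        VersionSource    = 'none'
        Vulnerable       = $null
    }

    # Same process query the page lists
    $proc = Get-Process | Where-Object { $_.ProcessName -eq 'VRCX' } | Select-Object -First 1
    $status.Running = [bool]$proc

    # Registry path as given on the page; assumed to hold a 'Version' string value
    $versionString = $null
    $reg = Get-ItemProperty -Path 'HKLM:\Software\VRCX' -Name Version -ErrorAction SilentlyContinue
    if ($reg -and $reg.Version) {
        $versionString = [string]$reg.Version
        $status.VersionSource = 'registry'
    }
    elseif ($proc -and $proc.Path) {
        # Fallback (assumption): read the product version embedded in the running binary
        $versionString = (Get-Item $proc.Path).VersionInfo.ProductVersion
        $status.VersionSource = 'file'
    }

    if ($versionString) {
        try {
            $installed = [version]$versionString
            $status.InstalledVersion = $installed
            # Anything older than the fixed build is in scope for CVE-2024-42366
            $status.Vulnerable = $installed -lt $FixedVersion
        }
        catch {
            Write-Warning "Could not parse VRCX version string '$versionString'"
        }
    }
    else {
        Write-Warning 'No VRCX version found in registry or running process; inspect the install directory manually'
    }

    [pscustomobject]$status
}

Get-VrcxExposure | Format-List
```

A `Vulnerable = True` result means the host still needs the upgrade; `Running = True` together with that result is the condition the API-side blocking is meant to make harmless, but it is still worth closing the application before updating.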
CVE-2024-42366 is a critical RCE vulnerability in VRCX, an assistant application for VRChat, allowing attackers to execute commands via a misconfigured CefSharp browser and XSS.
You are affected if you are using VRCX versions prior to 2023.12.24. Ensure you upgrade immediately to mitigate the risk.
Upgrade VRCX to version 2023.12.24 or later. Also, ensure the VRC API-side blocking is active to prevent older versions from connecting.
While active exploitation is not currently confirmed, the vulnerability's severity and ease of exploitation suggest it could become a target for opportunistic attacks.
Refer to the official VRChat security advisory for details and updates: [https://www.vrchat.com/security/](https://www.vrchat.com/security/)