Platform
php
Component
rhinos
Fixed in
3.0.1
CVE-2024-5407 is a critical vulnerability affecting RhinOS versions 3.0-1190 through 3.0-1190. This flaw allows for PHP code injection through the 'search' parameter in the /portal/search.htm endpoint. Successful exploitation can grant a remote attacker the ability to execute arbitrary code on the system, potentially compromising the entire infrastructure. The vulnerability has been resolved in RhinOS version 3.0.1.
The impact of CVE-2024-5407 is severe. An attacker exploiting this vulnerability can achieve remote code execution (RCE) on the affected RhinOS system. This means they can execute arbitrary commands with the privileges of the web server user, effectively gaining complete control over the system. This could lead to data theft, modification, or deletion, as well as the installation of malware or the use of the compromised system as a launchpad for further attacks against other systems on the network. The ability to execute a reverse shell is particularly concerning, as it allows the attacker to maintain persistent access to the system even after the initial exploit.
CVE-2024-5407 was publicly disclosed on 2024-05-27. The vulnerability's ease of exploitation, combined with the potential for complete system compromise, suggests a high probability of exploitation. While no public proof-of-concept (PoC) has been widely reported, the simplicity of the injection attack makes it likely that PoCs will emerge. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Organizations utilizing RhinOS in their industrial control systems or other critical infrastructure deployments are particularly at risk. Systems exposed directly to the internet without adequate security controls are also highly vulnerable. Shared hosting environments where multiple users share the same RhinOS instance could allow attackers to compromise multiple tenants through this vulnerability.
• linux / server:
journalctl -u php-fpm -g 'search.htm' | grep -i 'php://filter'
• generic web:
curl -I 'http://your-rhinos-server/portal/search.htm?search=php://filter/convert.foo.bar' | grep 'Content-Type' # Check for unexpected content types
Exploit Status
EPSS
1.62% (82nd percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-5407 is to immediately upgrade RhinOS to version 3.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Web Application Firewalls (WAFs) can be configured to block requests containing suspicious PHP code in the 'search' parameter. Input validation on the /portal/search.htm endpoint should be implemented to sanitize user input and prevent the injection of malicious code. Monitor system logs for unusual activity, particularly attempts to execute PHP code from unexpected sources. After upgrading, confirm the vulnerability is resolved by attempting a code injection attack via the /portal/search.htm endpoint and verifying that the request is properly sanitized.
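The two detection commands above and the WAF / input-validation mitigation described here share one decision: is the value of the 'search' parameter sent to /portal/search.htm a plain search term, or does it carry a PHP stream wrapper or PHP code? The following Python script is an added example written for this page; it is not RhinOS code and not part of the advisory. It takes only the endpoint path and parameter name from the page. The allowlist policy, the 100-character limit, the signature list and the access-log lines are assumptions constructed for the demonstration.

```python
"""Defender-side checks for CVE-2024-5407 (RhinOS /portal/search.htm, 'search' parameter).

Added example, not RhinOS or vendor code. Provides:
  * is_valid_search()       - allowlist rule for input validation at the endpoint
  * is_injection_attempt()  - denylist rule usable as a WAF signature
  * scan_access_log()       - applies the denylist to web-server access-log lines
The allowlist, length limit, signatures and log lines are constructed assumptions.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

ENDPOINT = "/portal/search.htm"   # endpoint named in the advisory
PARAM = "search"                  # parameter named in the advisory

# Things a legitimate search term never needs: PHP stream wrappers, PHP open
# tags and common code-execution primitives. Applied after URL-decoding so a
# double-encoded value is judged on its decoded form.
SUSPICIOUS = re.compile(
    r"php://|<\?php|<\?=|\b(?:eval|system|passthru|shell_exec|base64_decode)\s*\(",
    re.IGNORECASE,
)

# Allowlist for a search term: word characters, whitespace, hyphen, dot, comma;
# length bound of 100 is an assumed policy value.
ALLOWED = re.compile(r"^[\w\s\-.,]{1,100}$")

# Common Log Format: host ident user [time] "METHOD target PROTOCOL" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly (bounded) so double encoding cannot hide a payload."""
    for _ in range(rounds):
        new = unquote_plus(value)
        if new == value:
            break
        value = new
    return value


def is_valid_search(value: str) -> bool:
    """Input-validation rule: accept only allowlisted search strings."""
    return ALLOWED.fullmatch(decode(value)) is not None


def is_injection_attempt(value: str) -> bool:
    """WAF-style rule: flag values carrying PHP wrappers or PHP code."""
    return SUSPICIOUS.search(decode(value)) is not None


def scan_access_log(lines):
    """Return (ip, timestamp, decoded value) for each flagged request to the endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                        # not a CLF line, skip
        parts = urlsplit(m.group("target"))
        if parts.path != ENDPOINT:
            continue                        # only the vulnerable endpoint matters here
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            if is_injection_attempt(value):
                hits.append((m.group("ip"), m.group("ts"), decode(value)))
    return hits


# Constructed sample log (addresses are documentation ranges, not real hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/May/2024:10:00:01 +0000] "GET /portal/search.htm?search=firmware+update HTTP/1.1" 200 512',
    '203.0.113.9 - - [27/May/2024:10:00:02 +0000] "GET /portal/search.htm?search=php://filter/convert.foo.bar HTTP/1.1" 200 1024',
    '198.51.100.4 - - [27/May/2024:10:00:03 +0000] "GET /portal/search.htm?search=%253C%253Fphp+echo+1%253B HTTP/1.1" 200 77',
    '198.51.100.5 - - [27/May/2024:10:00:04 +0000] "GET /portal/index.htm?search=php://input HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, ts, value in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} flagged search={value!r}")
```

In the sample, the plain query passes both rules, the `php://filter` request and the double-encoded PHP open tag are flagged, and the last line is ignored because it targets a different path. The allowlist (`is_valid_search`) is the rule to enforce in the application itself; the denylist (`is_injection_attempt`) is the weaker, signature-based check suited to a WAF or log scan, and it should be treated as a stopgap until the upgrade to 3.0.1 is done.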
Update RhinOS to a version later than 3.0-1190 that fixes the code injection vulnerability. Consult the release notes or the vendor's website for more information on the update. If no fixed version is available, consider disabling or restricting access to the search functionality until a fix is published.
CVE-2024-5407 is a critical vulnerability in RhinOS versions 3.0-1190 through 3.0-1190 that allows a remote attacker to inject PHP code via the 'search' parameter, potentially leading to full system compromise.
If you are running RhinOS version 3.0-1190 through 3.0-1190, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
The recommended fix is to upgrade to RhinOS version 3.0.1 or later. Implement WAF rules and input validation as temporary mitigations if immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a high probability of exploitation. Monitor security advisories for updates.
Refer to the RhinOS security advisories page for the latest information and official guidance regarding CVE-2024-5407.