3.0.1
CVE-2024-5407 is a critical vulnerability affecting RhinOS versions 3.0-1190 through 3.0-1190. This flaw allows for PHP code injection through the 'search' parameter in the /portal/search.htm endpoint. Successful exploitation can grant a remote attacker the ability to execute arbitrary code on the system, potentially compromising the entire infrastructure. The vulnerability has been resolved in RhinOS version 3.0.1.
The impact of CVE-2024-5407 is severe. An attacker exploiting this vulnerability can achieve remote code execution (RCE) on the affected RhinOS system. This means they can execute arbitrary commands with the privileges of the web server user, effectively gaining complete control over the system. This could lead to data theft, modification, or deletion, as well as the installation of malware or the use of the compromised system as a launchpad for further attacks against other systems on the network. The ability to execute a reverse shell is particularly concerning, as it allows the attacker to maintain persistent access to the system even after the initial exploit.
CVE-2024-5407 was publicly disclosed on 2024-05-27. The vulnerability's ease of exploitation, combined with the potential for complete system compromise, suggests a high probability of exploitation. While no public proof-of-concept (PoC) has been widely reported, the simplicity of the injection attack makes it likely that PoCs will emerge. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Organizations utilizing RhinOS in their industrial control systems or other critical infrastructure deployments are particularly at risk. Systems exposed directly to the internet without adequate security controls are also highly vulnerable. Shared hosting environments where multiple users share the same RhinOS instance could allow attackers to compromise multiple tenants through this vulnerability.
• linux / server:
journalctl -u php-fpm -g 'search.htm' | grep -i 'php://filter'
• generic web:
curl -sI 'http://your-rhinos-server/portal/search.htm?search=php://filter/convert.foo.bar' | grep -i 'Content-Type' # Check for unexpected content types
Exploitation status
EPSS: 1.62% (82nd percentile)
The primary mitigation for CVE-2024-5407 is to immediately upgrade RhinOS to version 3.0.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Web Application Firewalls (WAFs) can be configured to block requests containing suspicious PHP code in the 'search' parameter. Input validation on the /portal/search.htm endpoint should be implemented to sanitize user input and prevent the injection of malicious code. Monitor system logs for unusual activity, particularly attempts to execute PHP code from unexpected sources. After upgrading, confirm the vulnerability is resolved by attempting a code injection attack via the /portal/search.htm endpoint and verifying that the request is properly sanitized.
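As an added example (not part of the original advisory or of RhinOS), the log monitoring described above can go further than a plain grep for `php://filter`, which misses percent-encoded requests. The sketch assumes a combined-format web access log; the function names, the sample lines, and the broader indicator set (any `php://` wrapper or a PHP opening tag) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Indicators: the advisory's php://filter string, generalized here to any
# php:// stream wrapper, plus a PHP opening tag (<?php or <?=).
INDICATOR_RE = re.compile(r'php://|<\?(?:php|=)', re.IGNORECASE)
ENDPOINT = "/portal/search.htm"


def fully_decode(value: str) -> str:
    """Percent-decode up to 3 times so double-encoded input is normalized."""
    for _ in range(3):
        value = unquote(value)
    return value


def suspicious_search(line: str) -> bool:
    """True if the line is a request to ENDPOINT whose 'search' value matches."""
    m = REQUEST_RE.search(line)
    if not m:
        return False
    url = urlsplit(m.group("target"))
    if fully_decode(url.path).lower() != ENDPOINT:
        return False
    values = parse_qs(url.query, keep_blank_values=True).get("search", [])
    return any(INDICATOR_RE.search(fully_decode(v)) for v in values)


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2024:10:00:01 +0000] "GET /portal/search.htm?search=pump+manual HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/May/2024:10:00:05 +0000] "GET /portal/search.htm?search=php://filter/convert.foo.bar HTTP/1.1" 200 312',
    '198.51.100.7 - - [27/May/2024:10:00:09 +0000] "GET /portal/search.htm?search=php%3A%2F%2Ffilter%2Fconvert.foo.bar HTTP/1.1" 200 312',
    '198.51.100.7 - - [27/May/2024:10:00:12 +0000] "GET /portal/search.htm?search=php%253A%252F%252Ffilter HTTP/1.1" 200 312',
    '203.0.113.4 - - [27/May/2024:10:01:00 +0000] "GET /docs/page.htm?q=php://filter HTTP/1.1" 404 0',
]


def flagged(lines):
    """Return the indexes of log lines that match the detection."""
    return [i for i, line in enumerate(lines) if suspicious_search(line)]


if __name__ == "__main__":
    for i in flagged(SAMPLE_LOG):
        print("suspicious:", SAMPLE_LOG[i])
```

Access logs normally record only the query string, so a `search` value sent in a POST body is visible only to a WAF or to application-level logging.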
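Update RhinOS to a version later than 3.0-1190 to fix the code injection vulnerability. See the release notes or the vendor website for more information about the update. If no fixed version is available, consider disabling or restricting access to the search function until a fix is released.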
CVE-2024-5407 is a critical vulnerability in RhinOS versions 3.0-1190 through 3.0-1190 that allows a remote attacker to inject PHP code via the 'search' parameter, potentially leading to full system compromise.
If you are running RhinOS version 3.0-1190 through 3.0-1190, you are potentially affected by this vulnerability. Check your version and upgrade immediately.
The recommended fix is to upgrade to RhinOS version 3.0.1 or later. Implement WAF rules and input validation as temporary mitigations if immediate upgrade is not possible.
While no widespread exploitation has been confirmed, the vulnerability's ease of exploitation suggests a high probability of exploitation. Monitor security advisories for updates.
Refer to the RhinOS security advisories page for the latest information and official guidance regarding CVE-2024-5407.