Exploit
CVE-2024-49368

Improper Input Validation (CWE-20)

Published: Oct 21, 2024 / Updated: 29d ago

CVSS 8.9 / EPSS 0.04% / Severity: High

Summary

Nginx UI, a web user interface for the Nginx web server, contains a vulnerability in versions prior to 2.0.0-beta.36. When Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, leading to arbitrary command execution.
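The weakness described above is CWE-20 applied to process execution: request text reaches exec.Command without being checked. The Go program below is an added illustration, not code from Nginx UI or from the advisory; the request fields (ConfigName, Interval), the /etc/logrotate.d location and the sh -c shape of the vulnerable form are assumptions, since the page does not say which Nginx UI input was affected or how the call was built. It shows the hardened pattern a defender would expect: a positive allowlist on every field, a rendered config rather than a command string, and exec.Command invoked with discrete argv entries and no shell.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// LogrotateRequest is a hypothetical shape for the settings a web UI might
// accept for logrotate. The real Nginx UI request fields are not described
// on the advisory page; these names are assumptions for this example.
type LogrotateRequest struct {
	ConfigName string // file name under /etc/logrotate.d, e.g. "nginx"
	Interval   string // "daily", "weekly" or "monthly"
}

// Constrained vocabulary: only values the application itself understands are
// accepted, so nothing from the request reaches the OS as free-form text.
var (
	allowedIntervals = map[string]bool{"daily": true, "weekly": true, "monthly": true}
	configNameRe     = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$`)
	configDir        = "/etc/logrotate.d" // assumed location
)

// ErrInvalidInput is returned for any request field that fails validation.
var ErrInvalidInput = errors.New("logrotate: invalid input")

// Validate rejects anything outside the allowlists. Because the check is
// positive (what is allowed) rather than negative (blocked characters), shell
// metacharacters, path separators and ".." are all refused without listing them.
func Validate(r LogrotateRequest) error {
	if !configNameRe.MatchString(r.ConfigName) {
		return fmt.Errorf("%w: config name %q", ErrInvalidInput, r.ConfigName)
	}
	if !allowedIntervals[r.Interval] {
		return fmt.Errorf("%w: interval %q", ErrInvalidInput, r.Interval)
	}
	return nil
}

// RenderConfig produces the logrotate stanza the UI would write to disk. Only
// validated tokens are interpolated, so the text cannot carry injected
// directives; logrotate reads a file, the request never becomes a command.
func RenderConfig(r LogrotateRequest) (string, error) {
	if err := Validate(r); err != nil {
		return "", err
	}
	return fmt.Sprintf("/var/log/nginx/*.log {\n    %s\n    rotate 7\n    compress\n    missingok\n}\n", r.Interval), nil
}

// BuildLogrotateCommand is the hardened invocation: validate first, then call
// exec.Command with discrete argv entries and no shell. Even if validation were
// bypassed, no "sh -c" word splitting happens, so a value such as "nginx; id"
// would reach logrotate as one literal file name, not as two commands.
func BuildLogrotateCommand(r LogrotateRequest) (*exec.Cmd, error) {
	if err := Validate(r); err != nil {
		return nil, err
	}
	return exec.Command("logrotate", "-f", configDir+"/"+r.ConfigName), nil
}

// vulnerableCommand is a hypothetical rendering of the pattern the advisory
// describes: request text is concatenated into a shell command line and handed
// to exec.Command through sh -c, so the shell, not logrotate, interprets what
// the user sent. It only builds the command and is never executed here.
func vulnerableCommand(userInput string) *exec.Cmd {
	return exec.Command("sh", "-c", "logrotate -f "+configDir+"/"+userInput)
}

// ShellSeesUserInput reports whether the vulnerable form hands the raw request
// text to the shell as part of the command string; used only for contrast.
func ShellSeesUserInput(userInput string) bool {
	cmd := vulnerableCommand(userInput)
	return len(cmd.Args) == 3 && cmd.Args[0] == "sh" && strings.Contains(cmd.Args[2], userInput)
}

func main() {
	good := LogrotateRequest{ConfigName: "nginx", Interval: "daily"}
	bad := LogrotateRequest{ConfigName: "nginx; id", Interval: "daily"} // constructed bad input
	for _, r := range []LogrotateRequest{good, bad} {
		if cmd, err := BuildLogrotateCommand(r); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Println("would run argv:", cmd.Args)
		}
	}
}
```

The detection angle for item 4 of the mitigation list follows from the same contrast: a legitimate invocation from the UI is always `logrotate -f <path>` as three argv entries, so any process audit showing `sh -c` children of the Nginx UI process with logrotate in the command line is worth a look.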

Impact

This vulnerability allows an attacker to execute arbitrary commands on the system running Nginx UI. The impact is severe as it could lead to complete system compromise, including unauthorized access to sensitive data, modification of system configurations, and potential use of the compromised system as a launching point for further attacks. Given the network attack vector and the lack of required privileges or user interaction, this vulnerability could be exploited remotely, potentially affecting a large number of systems.

Exploitation

One proof-of-concept exploit is available on github.com. There is no evidence of in-the-wild exploitation at the moment.

Patch

A patch is available. The vulnerability has been fixed in Nginx UI version 2.0.0-beta.36.

Mitigation

1. Update Nginx UI to version 2.0.0-beta.36 or later as soon as possible.
2. If immediate updating is not possible, consider temporarily disabling the logrotate configuration feature in Nginx UI until the update can be applied.
3. Implement network segmentation and access controls to limit exposure of the Nginx UI interface.
4. Monitor system logs for any suspicious activities or unauthorized command executions.
5. Regularly audit and review the Nginx UI configurations and associated systems for any signs of compromise.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

CVE Assignment

NVD published the first details for CVE-2024-49368

Oct 21, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-49368.

Oct 21, 2024 at 5:16 PM / Vulners.com RSS Feed
CVSS

A CVSS base score of 8.9 has been assigned.

Oct 21, 2024 at 5:21 PM / nvd
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 21, 2024 at 5:24 PM
EPSS

EPSS Score was set to: 0.04% (Percentile: 9.7%)

Oct 22, 2024 at 10:47 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Nov 6, 2024 at 6:30 PM / nvd
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Nov 6, 2024 at 8:10 PM

Affected Systems

Nginxui/nginx_ui

Exploits

https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-66m6-27r9-77vm

Patches

github.com

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-10: Buffer Overflow via Environment Variables

News

Weekly Detection Rule (YARA and Snort) Information – Week 3, November 2024
The following is the information on YARA and Snort rules (week 3, November 2024) collected and shared by the AhnLab TIP service. 1 YARA rule: Detection name MAL_ELF_Xlogin_Nov24_1, Description: Detects xlogin backdoor samples, Source: https://github.com/Neo23x0/signature-base. 4 Snort rules: ET WEB_SPECIFIC_APPS Symphony PHP Symfony Profiler Environment Manipulation (CVE-2024-50340), Source: https://rules.emergingthreatspro.com/open/; ET WEB_SPECIFIC_APPS Citrix Session […] The post Weekly Detection Rule (YARA and Snort) Information – Week 3, November 2024 appeared first on ASEC.
Ruleset Update Summary - 2024/11/13 - v10741
2057415 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (marshal-zhukov .com) (malware.rules) 2057416 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (marshal-zhukov .com in TLS SNI) (malware.rules)
Aashay221999/CVE-2024-49368
[GitHub] Explorations of CVE-2024-49368 + Exploit Development
CVE-2024-49368 Exploit
CVE Id : CVE-2024-49368 Published Date: 2024-11-06T18:28:00+00:00 Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue. inTheWild added a link to an exploit: https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-66m6-27r9-77vm
Nginx UI Security Update Advisory (CVE-2024-49368)
Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version. Vulnerability Patches have been made available in the latest updates.

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High
