CVE-2024-51427

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Oct 30, 2024 / Updated: 20d ago

CVSS 9.8 / EPSS 0.04% / Critical

Summary

An issue in Ethereum v.1.12.2 allows a remote attacker to execute arbitrary code via the PepeGxng smart contract mint function.

Impact

This vulnerability has a critical impact on the affected Ethereum systems. The attacker can execute arbitrary code remotely, which could lead to complete system compromise. The CVSS v3.1 base score is 9.8 (Critical), with high impact on confidentiality, integrity, and availability. The attack vector is network-based, requires no user interaction, and can be exploited with low attack complexity and no privileges. This indicates that the vulnerability is easily exploitable and can cause severe damage to affected systems.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation in the wild at the moment.

Patch

Based on the available information, there is no specific mention of a patch being available. The security team should monitor Ethereum's official channels for patch releases and updates addressing this vulnerability.

Mitigation

1. Urgently update Ethereum to a version newer than v.1.12.2 once a patch becomes available.
2. Implement network segmentation to limit exposure of affected systems.
3. Monitor and restrict network access to the affected Ethereum nodes, especially focusing on the PepeGxng smart contract interactions.
4. Implement strong input validation and sanitization for all smart contract interactions, particularly for the mint function of the PepeGxng contract.
5. Regularly audit and review smart contract code for potential vulnerabilities.
6. Consider temporarily disabling or restricting access to the PepeGxng smart contract until a fix is implemented.
7. Implement and maintain robust logging and monitoring systems to detect any potential exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment
NVD published the first details for CVE-2024-51427.
Oct 30, 2024 at 9:15 PM

First Article
Feedly found the first article mentioning CVE-2024-51427.
Oct 30, 2024 at 9:22 PM / Vulners.com RSS Feed

CVSS Estimate
Feedly estimated the CVSS score as HIGH.
Oct 30, 2024 at 9:24 PM

EPSS
EPSS Score was set to: 0.04% (Percentile: 9.9%).
Oct 31, 2024 at 9:57 AM

CVSS
A CVSS base score of 9.8 has been assigned.
Oct 31, 2024 at 3:41 PM / nvd

Affected Systems

Ethereum/ethereum

Attack Patterns

CAPEC-242: Code Injection

News

cveNotify: 🚨 CVE-2024-51427: An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the mint function. NOTE: this is disputed by third parties because the impact is limited to function calls. 🎖 @cveNotify
CVE-2024-51427 | Ethereum 1.12.2 PepeGxng Privilege Escalation
A vulnerability classified as critical was found in Ethereum 1.12.2. Affected by this vulnerability is the function PepeGxng. The manipulation leads to Privilege Escalation. This vulnerability is known as CVE-2024-51427. The attack can be launched remotely. There is no exploit available.
NA - CVE-2024-51427 - An issue in Ethereum v.1.12.2 allows remote...
An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the PepeGxng smart contract mint function.
CVE-2024-51427 - Ethereum Smart Contract Execution of Arbitrary Code Vulnerability
CVE ID: CVE-2024-51427. Published: Oct. 30, 2024, 9:15 p.m. Description: An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the PepeGxng smart contract mint function. Severity: 0.0 NA.
CVE-2024-51427
An issue in Ethereum v.1.12.2 allows remote attacker to execute arbitrary code via the PepeGxng smart contract mint function.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
