CVE-2024-6269

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Jun 23, 2024 / Updated: 4mo ago

CVSS 5.1 / EPSS 0.05% / Medium

Summary

CVE-2024-6269 is a critical vulnerability affecting Ruijie RG-UAC 1.0. The flaw lies in the get_ip.addr_details function of the file /view/vpn/autovpn/sxh_vpnlic.php, which handles HTTP POST requests. By manipulating the indevice argument, an attacker can achieve command injection and execute arbitrary commands on the affected system. The vulnerability can be exploited remotely without user interaction, and a public exploit has been disclosed.

Impact

This vulnerability allows an unauthenticated remote attacker to execute arbitrary commands on the affected system with high privileges. Successful exploitation could lead to complete system compromise, data theft or corruption, deployment of malware or ransomware, and potentially pivoting to other systems on the network.

Exploitation

There is no evidence that a public proof-of-concept exists, and there is no evidence of exploitation in the wild at the moment.

Patch

The vendor has not provided a patch or official mitigation for this vulnerability yet.

Mitigation

Until an official patch is available, it is strongly recommended to restrict access to the affected Ruijie RG-UAC 1.0 systems from untrusted networks, implement strict input validation, and follow the principle of least privilege. Monitoring for suspicious activity and keeping the systems up to date with the latest security updates from the vendor are also advised.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Timeline

First Article
Feedly found the first article mentioning CVE-2024-6269.
Jun 23, 2024 at 8:42 AM / VulDB (verified)

CVSS Estimate
Feedly estimated the CVSS score as HIGH.
Jun 23, 2024 at 11:41 AM

CVE Assignment
NVD published the first details for CVE-2024-6269.
Jun 23, 2024 at 12:15 PM

CVSS
A CVSS base score of 4.7 has been assigned.
Jun 23, 2024 at 12:20 PM / nvd

Trending
This CVE started to trend in security discussions.
Jun 23, 2024 at 12:40 PM

EPSS
EPSS Score was set to: 0.05% (Percentile: 15.6%)
Jun 24, 2024 at 10:06 AM

Trending
This CVE stopped trending in security discussions.
Jun 25, 2024 at 4:25 PM

Affected Systems

Ruijie/rg-uac

Attack Patterns

CAPEC-136: LDAP Injection

News

CVE-2024-6269
A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. CVE-2024-6269 originally published on CyberSecurityBoard
CVE-2024-6269
Medium Severity Description A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269482 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Read more at https://www.tenable.com/cve/CVE-2024-6269
CVE-2024-6269
Severity 3.1 (CVSS 3.1 Base Score) VDB-269482 is the identifier assigned to this vulnerability.
NA - CVE-2024-6269 - A vulnerability has been found in Ruijie RG-UAC...
This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. Weakness: CWE-77 Improper Sanitization of Special Elements used in a Command ('Command Injection') (100%)
Critical Vulnerability in Ruijie RG-UAC 1.0 Allows Command Injection
Ruijie - MEDIUM - CVE-2024-6269 A vulnerability has been found in Ruijie RG-UAC 1.0 and classified as critical. This vulnerability affects the function get_ip.addr_details of the file /view/vpn/autovpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument indevice leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269482 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability Impact: Low
