← Volver a CVEs
CVE-2024-48874
CRITICAL9.8
Descripcion
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/6/2024
Ultima modificacion12/10/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
ruijienetworks:reyee_os
Debilidades (CWE)
CWE-918
Referencias
https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01(ics-cert@hq.dhs.gov)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.