Server-Side Request Forgery Vulnerability in IPC Unigy Management System
CVE-2024-11618

7.3 HIGH

Key Information:

Vendor: IPC
CVE Published: 22 November 2024

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2024-11618?

A critical vulnerability, identified as CVE-2024-11618, exists within the IPC Unigy Management System version 04.03.00.08.0027. This flaw is located within the component responsible for handling HTTP requests. It permits attackers to exploit server-side request forgery (SSRF), allowing unauthorized remote access to potentially sensitive internal resources. The public disclosure of this exploit raises considerable risks for users, particularly given the vendor's lack of response to early warnings about the issue. Immediate mitigation measures are strongly advised to prevent malicious exploitation.

Affected Version(s)

Unigy Management System 04.03.00.08.0027

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 7.3
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

braga (VulDB User)