Security Vulnerability in Ruijie Reyee OS Could Allow Access to Sensitive Information
CVE-2024-42494
7.5HIGH
Summary
The Ruijie Reyee OS, specifically versions ranging from 2.206.x up to but not including 2.320.x, contains a vulnerability that could allow sub accounts or malicious entities to access and exfiltrate sensitive information from all cloud accounts linked to Ruijie's services. This flaw poses significant risks as it could potentially jeopardize the confidentiality of sensitive user data and operational secrets. Organizations utilizing Ruijie Reyee OS must assess their configurations and implement necessary security measures to mitigate against unauthorized information exposure.
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published