Attackers Could Forge Requests to Ruijie's Proxy Servers, Access Internal Services and Cloud Infrastructure
CVE-2024-48874

9.8 CRITICAL

Key Information:

Vendor: Ruijie

Status
Vendor
CVE Published: 6 December 2024

What is CVE-2024-48874?

A vulnerability exists in Ruijie Reyee OS versions from 2.206.x up to, but not including, 2.320.x. It could allow attackers to force Ruijie's proxy servers to perform arbitrary requests. As a result, unauthorized users could reach internal services used by Ruijie and its internal cloud infrastructure, including the AWS cloud metadata service. This exposure can lead to severe information security risks and calls for prompt mitigation by affected organizations.


CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
