CVE-2024-48874 CRITICAL

CVE-2024-48874: Ruijie Reyee OS Server-Side Request Forgery

Vendor Ruijie

Product Reyee OS

Weakness CWE-918 · SSRF

Published December 6, 2024

Last update December 6, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.

Key dates

02Disclosure timeline

December 6, 2024 CVE published

December 6, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-48874 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

CVE-2024-48874: Ruijie Reyee OS Server-Side Request Forgery

01Description

02Disclosure timeline

03References

04Related CVE