Detections
Analytics

CVE-2024-48874

critical

Description

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01

https://thehackernews.com/2024/12/ruijie-networks-cloud-platform-flaws.html

https://www.securityweek.com/critical-vulnerabilities-found-in-ruijie-reyee-cloud-management-platform/

Details

Source: Mitre, NVD

Published: 2024-12-06

Updated: 2024-12-10

Named Vulnerability: Open Sesame

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Severity: Critical

EPSS

EPSS: 0.00062