- Description
- Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- ics-cert@hq.dhs.gov
- CWE-918
- Hype score
- Not currently trending
Claroty Team82 uncovered 10 vulnerabilities in Ruijie's Reyee cloud platform, enabling RCE on connected devices. Critical CVEs include: CVE-2024-47547 (9.4), CVE-2024-48874 (9.8), CVE-2024-52324 (9.8). Beware of "Open Sesame" attack exploiting proximity. All patched by Ruijie.… h
@gothburz
25 Dec 2024
107 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE Alert: CVE-2024-48874 - https://t.co/0oGqWoFsc5 #OSINT #ThreatIntel #CyberSecurity #cve_2024_48874
@RedPacketSec
7 Dec 2024
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-48874 Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers… https://t.co/bCe3r4oLhc
@CVEnew
6 Dec 2024
304 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-48874: CRITICAL] Vulnerability in Ruijie Reyee OS versions 2.206.x to 2.320.x allows attackers to manipulate proxy servers for unauthorized access to internal services and cloud infrastructure. #cyberse...#cybersecurity,#vulnerability https://t.co/8erkPOgqBH https://t.c
@CveFindCom
6 Dec 2024
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ruijienetworks:reyee_os:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0847A16C-8A5D-4016-83E9-6DC80588E105",
"versionEndExcluding": "2.320.0",
"versionStartIncluding": "2.206.0"
}
],
"operator": "OR"
}
]
}
]