CVE-2024-23692 - OpenCVE

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Rejetto	Http File Server

Configuration 1 [-]

cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/rapid7/metasploit-framework/pull/19240
https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/
https://vulncheck.com/advisories/rejetto-unauth-rce
https://www.vicarius.io/vsociety/posts/unauthenticated-rce-flaw-in-rejetto-http-file-server-cve-2024-23692

History

Mon, 19 Aug 2024 08:30:00 +0000

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/unauthenticated-rce-flaw-in-rejetto-http-file-server-cve-2024-23692

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2024-05-31T09:36:28.763Z

Updated: 2024-08-19T07:47:47.114Z

Reserved: 2024-01-19T17:35:14.201Z

Link: CVE-2024-23692

Vulnrichment

Updated: 2024-08-19T07:47:47.114Z

NVD

Status : Analyzed

Published: 2024-05-31T10:15:09.330

Modified: 2024-08-14T16:59:39.767

Link: CVE-2024-23692

Redhat

No data.

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-23692", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2024-01-19T17:35:14.201Z", "datePublished": "2024-05-31T09:36:28.763Z", "dateUpdated": "2024-08-19T07:47:47.114Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HTTP File Server", "vendor": "Rejetto", "versions": [{"lessThanOrEqual": "2.3m", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Arseniy Sharoglazov"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.<br>"}], "value": "Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Private exploits are known to exist<br>"}], "value": "Private exploits are known to exist"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2024-05-31T12:55:57.980Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://vulncheck.com/advisories/rejetto-unauth-rce"}, {"tags": ["third-party-advisory", "technical-description"], "url": "https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/"}, {"url": "https://github.com/rapid7/metasploit-framework/pull/19240"}], "source": {"discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned"], "title": "Rejetto HTTP File Server 2.3m Unauthenticated RCE", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "rejetto", "product": "http_file_server", "cpes": ["cpe:2.3:a:rejetto:http_file_server:2.3m:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.3m", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-12T03:55:17.635887Z", "id": "CVE-2024-23692", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-07-09", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-12T10:51:42.062Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:47:47.114Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://vulncheck.com/advisories/rejetto-unauth-rce"}, {"tags": ["third-party-advisory", "technical-description", "x_transferred"], "url": "https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/"}, {"url": "https://github.com/rapid7/metasploit-framework/pull/19240", "tags": ["x_transferred"]}, {"url": "https://www.vicarius.io/vsociety/posts/unauthenticated-rce-flaw-in-rejetto-http-file-server-cve-2024-23692"}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vulncheck.com/advisories/rejetto-unauth-rce", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/", "tags": ["third-party-advisory", "technical-description", "x_transferred"]}, {"url": "https://github.com/rapid7/metasploit-framework/pull/19240", "tags": ["x_transferred"]}, {"url": "https://www.vicarius.io/vsociety/posts/unauthenticated-rce-flaw-in-rejetto-http-file-server-cve-2024-23692"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:47:47.114Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-23692", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-12T03:55:17.635887Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2024-07-09", "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"}}}], "affected": [{"cpes": ["cpe:2.3:a:rejetto:http_file_server:2.3m:*:*:*:*:*:*:*"], "vendor": "rejetto", "product": "http_file_server", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.3m"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T14:53:23.367Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "Rejetto HTTP File Server 2.3m Unauthenticated RCE", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Arseniy Sharoglazov"}], "impacts": [{"capecId": "CAPEC-242", "descriptions": [{"lang": "en", "value": "CAPEC-242 Code Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Rejetto", "product": "HTTP File Server", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.3m"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Private exploits are known to exist", "supportingMedia": [{"type": "text/html", "value": "Private exploits are known to exist<br>", "base64": false}]}], "references": [{"url": "https://vulncheck.com/advisories/rejetto-unauth-rce", "tags": ["third-party-advisory"]}, {"url": "https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/", "tags": ["third-party-advisory", "technical-description"]}, {"url": "https://github.com/rapid7/metasploit-framework/pull/19240"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.", "supportingMedia": [{"type": "text/html", "value": "Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2024-05-31T12:55:57.980Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23692", "state": "PUBLISHED", "dateUpdated": "2024-08-19T07:47:47.114Z", "dateReserved": "2024-01-19T17:35:14.201Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2024-05-31T09:36:28.763Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"cisaActionDue": "2024-07-30", "cisaExploitAdd": "2024-07-09", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "45104C5E-38F4-4A30-9988-4323D6ADA127", "versionEndIncluding": "2.3m", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "disclosure@vulncheck.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported."}, {"lang": "es", "value": "Rejetto HTTP File Server, hasta la versi\u00f3n 2.3m incluida, es vulnerable a una vulnerabilidad de inyecci\u00f3n de plantilla. Esta vulnerabilidad permite que un atacante remoto no autenticado ejecute comandos arbitrarios en el sistema afectado enviando una solicitud HTTP especialmente manipulada. A partir de la fecha de asignaci\u00f3n de CVE, Rejetto HFS 2.3m ya no es compatible."}], "id": "CVE-2024-23692", "lastModified": "2024-08-14T16:59:39.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2024-05-31T10:15:09.330", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/rapid7/metasploit-framework/pull/19240"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit"], "url": "https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vulncheck.com/advisories/rejetto-unauth-rce"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1336"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}