Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
History

Tue, 10 Dec 2024 20:00:00 +0000

Type Values Removed Values Added
First Time appeared Ruijienetworks
Ruijienetworks reyee Os
CPEs cpe:2.3:o:ruijienetworks:reyee_os:*:*:*:*:*:*:*:*
Vendors & Products Ruijienetworks
Ruijienetworks reyee Os

Fri, 06 Dec 2024 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Ruijie
Ruijie reyee Os
CPEs cpe:2.3:o:ruijie:reyee_os:*:*:*:*:*:*:*:*
Vendors & Products Ruijie
Ruijie reyee Os
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 06 Dec 2024 18:30:00 +0000

Type Values Removed Values Added
Description Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
Title Ruijie Reyee OS Server-Side Request Forgery
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-12-06T18:22:15.725Z

Updated: 2024-12-06T20:39:47.635Z

Reserved: 2024-11-20T23:41:59.177Z

Link: CVE-2024-48874

cve-icon Vulnrichment

Updated: 2024-12-06T19:23:15.980Z

cve-icon NVD

Status : Analyzed

Published: 2024-12-06T19:15:12.933

Modified: 2024-12-10T19:44:16.093

Link: CVE-2024-48874

cve-icon Redhat

No data.