CVE-2024-23692

Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

Rejetto HTTP File Server, hasta la versión 2.3m incluida, es vulnerable a una vulnerabilidad de inyección de plantilla. Esta vulnerabilidad permite que un atacante remoto no autenticado ejecute comandos arbitrarios en el sistema afectado enviando una solicitud HTTP especialmente manipulada. A partir de la fecha de asignación de CVE, Rejetto HFS 2.3m ya no es compatible.

Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.

*Credits: Arseniy Sharoglazov

CVSS Scores

NISTv3.1 9.8

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-01-19 CVE Reserved
2024-05-25 First Exploit
2024-05-31 CVE Published
2024-07-09 Exploited in Wild
2024-07-30 KEV Due Date
2024-08-19 CVE Updated
2024-09-15 EPSS Updated

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine

CAPEC

CAPEC-242: Code Injection

References (14)

URL	Tag	Source
https://vulncheck.com/advisories/rejetto-unauth-rce	Third Party Advisory

URL	Date	SRC
https://github.com/verylazytech/CVE-2024-23692	2024-09-16
https://github.com/0x20c/CVE-2024-23692-EXP	2024-06-18
https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692	2024-07-10
https://github.com/jakabakos/CVE-2024-23692-RCE-in-Rejetto-HFS	2024-06-13
https://github.com/vanboomqi/CVE-2024-23692	2024-06-15
https://github.com/BBD-YZZ/CVE-2024-23692	2024-06-18
https://github.com/k3lpi3b4nsh33/CVE-2024-23692	2024-06-11
https://github.com/Tupler/CVE-2024-23692-exp	2024-06-16
https://github.com/Mr-r00t11/CVE-2024-23692	2024-06-14
https://github.com/WanLiChangChengWanLiChang/CVE-2024-23692-RCE	2024-06-13
https://github.com/rapid7/metasploit-framework/pull/19240	2024-08-19
https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce	2024-08-19
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/rejetto_hfs_rce_cve_2024_23692.rb	2024-05-25

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rejetto Search vendor "Rejetto"		Http File Server Search vendor "Rejetto" for product "Http File Server"				<= 2.3m Search vendor "Rejetto" for product "Http File Server" and version " <= 2.3m"		-		Affected