CVE-2024-23692:
Unauthenticated remote code execution vulnerability in Rejetto HTTP File Server version 2.3m and earlier through a template injection flaw; an unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP request. The vendor no longer supports the affected releases.
Score
A numerical rating that indicates how dangerous this vulnerability is.
9.8 Critical
- Published Date: May 31, 2024
- CISA KEV Date: Jul 9, 2024
- Industries Affected: 20
Threat Predictions
- EPSS Score: 94.3
- EPSS Percentile: 100%
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
Rejetto HTTP File Server 2.3m and earlier versions contain a template injection vulnerability that allows a remote, unauthenticated attacker to execute arbitrary commands on the host by issuing a crafted HTTP request. The issue is rated critical (CVSS v3.1 base score 9.8) because it is exploitable over the network, requires no privileges or user interaction, and has a high impact on confidentiality, integrity, and availability. The weakness is classified as improper neutralization of special elements in a template engine (CWE-1336) and corresponds to CAPEC-242 Code Injection. The vendor no longer supports the project, and public exploit code has been observed.
Remediation
- Immediately discontinue use of Rejetto HTTP File Server 2.3m or any affected builds; decommission if possible.
- If upgrade is not feasible, isolate the server from untrusted networks and restrict access with network controls (firewalls, VPN-only access, DMZ segmentation).
- Replace the affected software with a currently maintained and supported file server or web server solution.
- If you must continue operating the system, implement compensating controls such as a robust WAF to block anomalous templating requests, monitor for suspicious HTTP requests, and enforce strict access logging and alerting.
- Conduct an incident review and scan for indicators of compromise; rotate credentials where other services share authentication with the affected host, since a compromised host may expose them (exploitation of this vulnerability itself requires no credentials).
- Plan and execute an upgrade path to a supported release or migration to a replacement product; verify that the new system is patched and properly configured before re-exposing to the network.
- Communicate risk to stakeholders and consider decommissioning the affected host entirely if possible.
References
- https://vulncheck.com/advisories/rejetto-unauth-rce
- https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/
- https://github.com/rapid7/metasploit-framework/pull/19240
- https://www.vicarius.io/vsociety/posts/unauthenticated-rce-flaw-in-rejetto-http-file-server-cve-2024-23692
- https://capec.mitre.org/data/definitions/242.html
- https://cwe.mitre.org/data/definitions/1336.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-23692
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Armis Early Warning
Armis Early Warning provides proactive threat intelligence and early detection capabilities.
- Armis Alert Date: Jun 26, 2024
- CISA KEV Date: Jul 9, 2024
- Days Early: 39 Days
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.