Lucene search

K
vulnrichmentVulnCheckVULNRICHMENT:CVE-2024-23692
HistoryMay 31, 2024 - 9:36 a.m.

CVE-2024-23692 Rejetto HTTP File Server 2.3m Unauthenticated RCE

2024-05-3109:36:28
CWE-1336
VulnCheck
github.com
6
cve-2024-23692
rejetto http file server
template injection

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.2%

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

CNA Affected

[
  {
    "vendor": "Rejetto",
    "product": "HTTP File Server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "custom",
        "lessThanOrEqual": "2.3m"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.2%

Related for VULNRICHMENT:CVE-2024-23692