CVE-2024-23827
📋 TL;DR
CVE-2024-23827 is a critical path traversal vulnerability in Nginx-UI's Import Certificate feature that allows attackers to write arbitrary files to the system. This can lead to remote code execution by overwriting configuration files like app.ini. All users running Nginx-UI versions before 2.0.0.beta.12 are affected.
💻 Affected Systems
- Nginx-UI
📦 What is this software?
Nginx Ui by Nginxui
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through remote code execution, allowing attackers to execute arbitrary commands, steal data, or deploy ransomware.
Likely Case
Unauthorized file writes leading to configuration manipulation, service disruption, or privilege escalation.
If Mitigated
Limited impact if proper network segmentation and access controls prevent exploitation attempts.
🎯 Exploit Status
Exploitation requires authentication to access the Import Certificate feature, but the vulnerability itself is simple to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.0.beta.12 and later
Vendor Advisory: https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m
Restart Required: Yes
Instructions:
1. Backup current configuration.
2. Stop Nginx-UI service.
3. Update to version 2.0.0.beta.12 or later.
4. Restart Nginx-UI service.
5. Verify the update was successful.
🔧 Temporary Workarounds
Disable Import Certificate Feature
Remove or restrict access to the vulnerable Import Certificate functionality
# Modify Nginx-UI configuration to disable certificate import
# Or use firewall rules to block access to the feature endpoint
Network Access Restriction
Restrict network access to the Nginx-UI administration interface
# Example iptables rule: iptables -A INPUT -p tcp --dport [NGINX-UI-PORT] -s [TRUSTED-IP] -j ACCEPT
# iptables -A INPUT -p tcp --dport [NGINX-UI-PORT] -j DROP
🧯 If You Can't Patch
- Disable Nginx-UI entirely and use alternative configuration management methods
- Implement strict network segmentation and only allow trusted IPs to access the Nginx-UI interface
🔍 How to Verify
Check if Vulnerable:
Check Nginx-UI version. If version is earlier than 2.0.0.beta.12, the system is vulnerable.
Check Version:
Check the Nginx-UI web interface dashboard or configuration files for version information
Verify Fix Applied:
Verify Nginx-UI version is 2.0.0.beta.12 or later and test that Import Certificate feature properly validates file paths.
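The kind of path containment check a certificate import handler needs, as an added example in Go (the language Nginx-UI is written in); this is illustrative code, not the project's own fix, and the certificate directory and file names are constructed:

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Hypothetical helper, not Nginx-UI's own code.
var ErrOutsideCertDir = errors.New("destination escapes certificate directory")

// SafeCertPath joins a user-supplied name onto certDir and rejects any result
// that lands outside it. filepath.Join cleans the path, so "../" sequences are
// collapsed before the containment check instead of reaching the filesystem.
func SafeCertPath(certDir, userName string) (string, error) {
	base := filepath.Clean(certDir)
	if userName == "" || filepath.IsAbs(userName) {
		return "", ErrOutsideCertDir
	}
	dest := filepath.Join(base, userName)
	rel, err := filepath.Rel(base, dest)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideCertDir
	}
	return dest, nil // symlinks inside certDir are not resolved here
}

// ImportCertificate writes pem only to a validated destination. O_EXCL refuses
// to overwrite an existing file, so a present config such as app.ini stays intact.
func ImportCertificate(certDir, userName string, pem []byte) (string, error) {
	dest, err := SafeCertPath(certDir, userName)
	if err != nil {
		return "", err
	}
	f, err := os.OpenFile(dest, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return "", err
	}
	defer f.Close()
	_, err = f.Write(pem)
	return dest, err
}

func main() {
	p, err := SafeCertPath("/etc/nginx-ui/certs", "../app.ini") // constructed traversal input
	fmt.Println(p, err)
}
```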
📡 Detection & Monitoring
Log Indicators:
- Unusual file write operations in system logs
- Multiple failed or successful certificate import attempts
- Unauthorized configuration file modifications
Network Indicators:
- HTTP POST requests to certificate import endpoints with suspicious file paths
- Unusual traffic patterns to Nginx-UI administration interface
SIEM Query:
source="nginx-ui" AND (event="certificate_import" OR path="*../*")