CVE-2024-24117 – This CVE describes an insecure permissions vuln... (How to Fix)

Q: What is the severity of CVE-2024-24117?

CVE-2024-24117 has a CVSS score of 9.8 (CRITICAL). This CVE describes an insecure permissions vulnerability in Ruijie RG-NBS2009G-P switches running RGOS v10.4(1)P2 Release (9736). It allows remote attackers to bypass authentication and gain administrative privileges via the login check state component. Organizations using these specific switch models and firmware versions are affected.

📋 TL;DR

This CVE describes an insecure permissions vulnerability in Ruijie RG-NBS2009G-P switches running RGOS v10.4(1)P2 Release (9736). It allows remote attackers to bypass authentication and gain administrative privileges via the login check state component. Organizations using these specific switch models and firmware versions are affected.

💻 Affected Systems

Products:

Ruijie RG-NBS2009G-P switch

Versions: RGOS v10.4(1)P2 Release (9736)

Operating Systems: RGOS (Ruijie proprietary OS)

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects this specific model and firmware version combination. Other Ruijie products may not be affected.

📦 What is this software?

Rg Nbs2009g P Firmware by Ruijie

View all CVEs affecting Rg Nbs2009g P Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full network compromise: attacker gains administrative access to switch, can reconfigure network, intercept traffic, disable security controls, and pivot to other systems.

🟠

Likely Case

Unauthorized administrative access to network switch leading to network disruption, traffic monitoring, and potential lateral movement.

🟢

If Mitigated

Limited impact if network segmentation isolates switches and strong access controls prevent external access.

🌐 Internet-Facing: HIGH - Remote exploit allows unauthenticated attackers to gain privileges from internet-facing interfaces.

🏢 Internal Only: HIGH - Even internally, any network-accessible switch is vulnerable to privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public GitHub repositories contain proof-of-concept code demonstrating the vulnerability. Exploitation appears straightforward based on available information.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Contact Ruijie support for patch availability. 2. If patch exists, download from official vendor portal. 3. Apply firmware update following vendor documentation. 4. Verify successful update.

🔧 Temporary Workarounds

Network Access Control

all

Restrict access to switch management interfaces to trusted IP addresses only

access-list 10 permit 192.168.1.0 0.0.0.255
line vty 0 4
access-class 10 in

Management Interface Isolation

all

Move management interfaces to separate VLAN with strict access controls

vlan 100
name MANAGEMENT
interface vlan 100
ip address 10.0.100.1 255.255.255.0

🧯 If You Can't Patch

Isolate affected switches from internet and untrusted networks
Implement strict network segmentation and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check switch model and firmware version: show version | include RG-NBS2009G-P and Version

Check Version:

show version

Verify Fix Applied:

Verify firmware version is updated beyond v10.4(1)P2 Release (9736)

📡 Detection & Monitoring

Log Indicators:

Multiple failed login attempts followed by successful login from unusual IP
Configuration changes from unexpected sources
Privilege level changes in logs

Network Indicators:

Unexpected management traffic to switch on non-standard ports
Traffic patterns indicating configuration changes

SIEM Query:

source="switch_logs" (event_type="login" AND result="success") AND (user="admin" OR privilege="15") | stats count by src_ip

📊 Metadata

CVE ID: CVE-2024-24117

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-732

Published: October 2, 2024

Last Updated: March 13, 2025

🔗 References

https://gist.github.com/zty-1995/dbb3d5b2dbf65b4de5b71e57d08139ea Third Party Advisory
https://github.com/zty-1995/RG-NBS2009G-P-switch/tree/main/Any%20user%20login%20exists Exploit,Third Party Advisory
https://github.com/zty-1995/RG-NBS2009G-P-switch/tree/main/Any%20user%20login%20exists Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-24117, you might also want to check these: