CVE-2024-24899

7.2 HIGH

📋 TL;DR

This OS command injection vulnerability in openEuler's aops-zeus component allows attackers to execute arbitrary commands on affected Linux systems. The vulnerability exists in the constant.py configuration file and affects all installations running aops-zeus versions 1.2.0 through 1.4.0.

💻 Affected Systems

Products:
  • openEuler aops-zeus
Versions: 1.2.0 through 1.4.0
Operating Systems: Linux (openEuler)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all default installations of aops-zeus within the vulnerable version range. The vulnerability is in the constant.py configuration file.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root privileges, allowing complete control over the affected server, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Unauthorized command execution leading to service disruption, data manipulation, or installation of backdoors/malware.

🟢 If Mitigated

Limited impact due to proper input validation, command sanitization, and restricted user permissions preventing successful exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires access to the vulnerable component, but the vulnerability is straightforward to exploit once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.1 or later

Vendor Advisory: https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291

Restart Required: Yes

Instructions:

  1. Update aops-zeus to version 1.4.1 or later using your package manager.
  2. Restart the aops-zeus service.
  3. Verify the update was successful by checking the installed version.

🔧 Temporary Workarounds

Input Validation Enhancement


Implement strict input validation and sanitization for all user-supplied data before processing in the affected component.

# Manual code review and modification of constant.py to add input validation

Access Restriction


Restrict access to the aops-zeus component to only trusted users and systems.

# Configure firewall rules to limit access
# Implement authentication and authorization controls

🧯 If You Can't Patch

  • Isolate affected systems from critical network segments and internet access
  • Implement strict monitoring and alerting for suspicious command execution patterns

🔍 How to Verify

Check if Vulnerable:

Check the installed aops-zeus version with rpm -q aops-zeus, or look up the package version in your package manager.

Check Version:

rpm -q aops-zeus | grep -E '1\.(2|3|4)\.0'

Verify Fix Applied:

Verify the installed version is 1.4.1 or later and review the constant.py file for proper input validation.
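As an added example (not from the advisory or from the aops-zeus project), a POSIX shell check that compares the installed version against the whole affected range 1.2.0 through 1.4.0, including any intermediate releases the single grep above would miss. It assumes an rpm-based openEuler host and GNU sort -V.

```shell
#!/bin/sh
# Added example: is the installed aops-zeus in the affected range
# 1.2.0 <= version <= 1.4.0 (CVE-2024-24899)?
# Assumes GNU coreutils `sort -V` and an rpm-based host.

AFFECTED_MIN="1.2.0"
AFFECTED_MAX="1.4.0"

# Return 0 if $1 lies in [AFFECTED_MIN, AFFECTED_MAX] under version
# ordering, 1 otherwise (including an empty argument).
aops_zeus_version_affected() {
    v="$1"
    [ -n "$v" ] || return 1
    # smallest of (min, v) must be min, smallest of (v, max) must be v
    lo=$(printf '%s\n%s\n' "$AFFECTED_MIN" "$v" | sort -V | head -n1)
    hi=$(printf '%s\n%s\n' "$v" "$AFFECTED_MAX" | sort -V | head -n1)
    [ "$lo" = "$AFFECTED_MIN" ] && [ "$hi" = "$v" ]
}

# Query the installed version via rpm and print a verdict.
# Returns 0 = affected, 1 = not affected, not installed, or no rpm.
check_installed_aops_zeus() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not found; verify the version manually"
        return 1
    fi
    ver=$(rpm -q --queryformat '%{VERSION}\n' aops-zeus 2>/dev/null) || {
        echo "aops-zeus is not installed"
        return 1
    }
    if aops_zeus_version_affected "$ver"; then
        echo "aops-zeus $ver is AFFECTED by CVE-2024-24899; update to 1.4.1 or later"
        return 0
    fi
    echo "aops-zeus $ver is outside the affected range"
    return 1
}
```

Run check_installed_aops_zeus on the host; its exit status (0 = affected) makes it usable from a fleet-wide inventory script.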

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in system logs
  • Unexpected processes spawned by aops-zeus
  • Failed authentication attempts followed by command execution

Network Indicators:

  • Unexpected outbound connections from aops-zeus servers
  • Anomalous network traffic patterns

SIEM Query:

source="aops-zeus" AND (event_type="command_execution" OR process_name="sh" OR process_name="bash")
