CVE-2024-44577
📋 TL;DR
RELY-PCIe versions 22.2.1 through 23.1.0 contain a command injection vulnerability in the time_date function. This allows attackers to execute arbitrary commands on affected systems with the privileges of the running process. Organizations using these versions of RELY-PCIe software are at risk.
💻 Affected Systems
- RELY-PCIe
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise leading to data theft, ransomware deployment, or complete system takeover with administrative privileges.
Likely Case
Unauthorized command execution leading to data exfiltration, lateral movement within the network, or installation of persistent backdoors.
If Mitigated
Limited impact due to network segmentation, minimal privileges, and proper monitoring catching exploitation attempts.
🎯 Exploit Status
Command injection vulnerabilities typically have low exploitation complexity once the attack vector is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v23.1.1 or later (assumed based on typical patching patterns)
Vendor Advisory: https://www.relyum.com/web/support/vulnerability-report/
Restart Required: Yes
Instructions:
1. Download the latest RELY-PCIe version from the vendor. 2. Backup current configuration. 3. Install the update following vendor documentation. 4. Restart the RELY-PCIe service or system.
🔧 Temporary Workarounds
Restrict access to time_date function
linuxLimit network access to the vulnerable function using firewall rules or access controls.
iptables -A INPUT -p tcp --dport [RELY-PCIe_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [RELY-PCIe_PORT] -j DROP
🧯 If You Can't Patch
- Isolate affected systems in a segmented network zone with strict inbound/outbound controls.
- Implement application-level input validation and sanitization for the time_date function parameters.
🔍 How to Verify
Check if Vulnerable:
Check the RELY-PCIe version using the vendor's version command or configuration file.Check Version:
Check vendor documentation for specific version command, typically in /opt/rely-pcie/config or via systemctl status rely-pcieVerify Fix Applied:
Verify the installed version is v23.1.1 or later and test the time_date function with safe inputs.📡 Detection & Monitoring
Log Indicators:
- Unusual command execution in system logs
- Failed authentication attempts to RELY-PCIe services
- Unexpected process spawns from RELY-PCIe
Network Indicators:
- Suspicious network traffic to/from RELY-PCIe ports
- Unusual payloads in time_date function requests
SIEM Query:
source="RELY-PCIe" AND (event="command_execution" OR cmd="*" OR process="sh" OR process="bash")