CVE-2024-48874

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to force Ruijie Reyee OS proxy servers to make arbitrary requests, potentially accessing internal Ruijie services and AWS cloud metadata. It affects Ruijie Reyee OS versions 2.206.x through 2.319.x. Organizations using these vulnerable proxy servers are at risk.

💻 Affected Systems

Products:
  • Ruijie Reyee OS
Versions: 2.206.x up to but not including 2.320.x
Operating Systems: Ruijie Reyee OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects proxy server functionality in Ruijie Reyee OS deployments.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of Ruijie's internal cloud infrastructure, data exfiltration, lateral movement to other systems, and potential supply chain attacks.

🟠 Likely Case: Unauthorized access to internal services, metadata harvesting, and potential credential theft from cloud services.

🟢 If Mitigated: Limited impact with proper network segmentation and access controls preventing internal service access.

🌐 Internet-Facing: HIGH - Proxy servers are typically internet-facing and directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal-only deployments reduce exposure but are still vulnerable to internal threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CWE-918 (Server-Side Request Forgery) vulnerabilities typically have low exploitation complexity when unauthenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.320.x or later

Vendor Advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01

Restart Required: Yes

Instructions:

1. Check current Ruijie Reyee OS version.
2. Download and install version 2.320.x or later from Ruijie.
3. Restart affected proxy servers.
4. Verify the update was successful.

🔧 Temporary Workarounds

  • Network Segmentation (all): Isolate Ruijie proxy servers from internal networks and cloud metadata services
  • Access Control Lists (all): Implement strict ACLs to limit which internal services proxy servers can access

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Ruijie proxy servers from internal services
  • Deploy web application firewalls with SSRF protection rules

🔍 How to Verify

Check if Vulnerable:

Check the Ruijie Reyee OS version via the admin interface or CLI. If the version is between 2.206.x and 2.319.x, the system is vulnerable.

Check Version:

Check via Ruijie Reyee OS admin interface or consult Ruijie documentation for version check commands.

Verify Fix Applied:

Confirm Ruijie Reyee OS version is 2.320.x or later and test proxy server functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound requests from proxy servers
  • Requests to internal services from proxy
  • Access to cloud metadata endpoints

Network Indicators:

  • Proxy servers making unexpected internal connections
  • Traffic to AWS metadata services (169.254.169.254)

SIEM Query:

source="ruijie-proxy" AND (dest_ip IN internal_networks OR dest_ip="169.254.169.254")
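
The same check as the SIEM query, written as an added example for exported proxy logs (not code from this page or from Ruijie). The key=value log format, the field names ts, source and dest_ip (modeled on the query above), and the INTERNAL_NETWORKS ranges are assumptions; the sample lines are constructed.

```python
import ipaddress

# Assumption: site-specific ranges standing in for "internal_networks".
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
METADATA_IP = ipaddress.ip_address("169.254.169.254")

def parse_line(line):
    """Split one key=value log line (constructed format) into a dict."""
    return dict(f.split("=", 1) for f in line.split() if "=" in f)

def classify(dest):
    """Return 'metadata', 'internal', 'unparsed', or None if external."""
    try:
        ip = ipaddress.ip_address(dest.strip("[]"))
    except ValueError:
        return "unparsed"  # not an IP literal: hostname or malformed field
    # An IPv4-mapped IPv6 literal reaches the same host as the IPv4 form.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip == METADATA_IP:
        return "metadata"
    if ip.version == 4:
        return "internal" if any(ip in n for n in INTERNAL_NETWORKS) else None
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "internal"
    return None

def find_alerts(lines, source="ruijie-proxy"):
    """Return (verdict, timestamp, dest_ip) for each flagged proxy request."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec.get("source") != source or "dest_ip" not in rec:
            continue
        verdict = classify(rec["dest_ip"])
        if verdict:
            alerts.append((verdict, rec.get("ts", "?"), rec["dest_ip"]))
    return alerts

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    "ts=2024-12-03T10:15:02Z source=ruijie-proxy src_ip=203.0.113.7 dest_ip=198.51.100.20",
    "ts=2024-12-03T10:15:09Z source=ruijie-proxy src_ip=203.0.113.7 dest_ip=169.254.169.254",
    "ts=2024-12-03T10:15:11Z source=ruijie-proxy src_ip=203.0.113.7 dest_ip=10.20.0.5",
    "ts=2024-12-03T10:15:14Z source=ruijie-proxy src_ip=203.0.113.7 dest_ip=::ffff:169.254.169.254",
    "ts=2024-12-03T10:15:20Z source=other-app src_ip=10.0.0.9 dest_ip=10.0.0.1",
]
```

Call find_alerts(SAMPLE_LOG) to get the flagged requests. An "unparsed" verdict means dest_ip was not an IP literal and should be reviewed separately, since a hostname can still resolve to an internal address.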
