CVE-2024-49368

9.8 CRITICAL

Remote Code Execution

📋 TL;DR

CVE-2024-49368 is a critical command injection vulnerability in Nginx UI that allows attackers to execute arbitrary commands on the server. This affects all Nginx UI installations prior to version 2.0.0-beta.36 where logrotate configuration is used. Attackers can gain complete control of affected systems.

💻 Affected Systems

Products:

Nginx UI

Versions: All versions prior to 2.0.0-beta.36

Operating Systems: Linux, Unix-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists when Nginx UI configures logrotate, which is a common configuration scenario.

📦 What is this software?

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

Nginx Ui by Nginxui

View all CVEs affecting Nginx Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with root-level access, data exfiltration, lateral movement, and persistent backdoor installation.

🟠

Likely Case

Remote code execution leading to web server compromise, data theft, and potential ransomware deployment.

🟢

If Mitigated

Limited impact with proper network segmentation, minimal privileges, and monitoring in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires access to the logrotate configuration interface, which typically requires authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.0-beta.36

Vendor Advisory: https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-66m6-27r9-77vm

Restart Required: Yes

Instructions:

1. Backup current configuration. 2. Stop Nginx UI service. 3. Update to version 2.0.0-beta.36 or later. 4. Restart Nginx UI service. 5. Verify the update was successful.

🔧 Temporary Workarounds

Disable logrotate configuration

linux

Prevent exploitation by disabling logrotate configuration functionality in Nginx UI

# Edit Nginx UI configuration to disable logrotate features
# Check documentation for specific configuration options

Network isolation

linux

Restrict access to Nginx UI administration interface

iptables -A INPUT -p tcp --dport [NGINX_UI_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [NGINX_UI_PORT] -j DROP

🧯 If You Can't Patch

Implement strict network access controls to limit who can access the Nginx UI interface
Monitor system logs for suspicious command execution attempts and implement intrusion detection

🔍 How to Verify

Check if Vulnerable:

Check Nginx UI version: if version is earlier than 2.0.0-beta.36 and logrotate configuration is enabled, the system is vulnerable.

Check Version:

nginx-ui --version or check the web interface version information

Verify Fix Applied:

Verify Nginx UI version is 2.0.0-beta.36 or later and test logrotate configuration functionality.

📡 Detection & Monitoring

Log Indicators:

Unusual command execution in system logs
Suspicious processes spawned from Nginx UI
Failed authentication attempts to Nginx UI

Network Indicators:

Unexpected outbound connections from Nginx UI server
Traffic to suspicious IPs/domains

SIEM Query:

source="nginx-ui" AND (event="command_execution" OR event="logrotate_config")

📊 Metadata

CVE ID: CVE-2024-49368

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-20

Published: October 21, 2024

Last Updated: November 6, 2024

🔗 References

https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36 Release Notes
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-66m6-27r9-77vm Exploit,Vendor Advisory