CVE-2024-6782
📋 TL;DR
An improper access control vulnerability in Calibre e-book management software allows unauthenticated attackers to execute arbitrary code remotely. This affects Calibre servers running versions 6.9.0 through 7.14.0 with the content server enabled. Attackers can exploit this without any authentication to gain full control of affected systems.
💻 Affected Systems
- Calibre
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining root/administrator privileges, data theft, ransomware deployment, and persistent backdoor installation.
Likely Case
Remote code execution leading to data exfiltration, cryptocurrency mining, or system takeover for botnet participation.
If Mitigated
No impact if content server is disabled or proper network segmentation prevents external access.
🎯 Exploit Status
Proof-of-concept exploit code is publicly available. The vulnerability requires no authentication and has straightforward exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 7.15.0
Vendor Advisory: https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9
Restart Required: Yes
Instructions:
1. Download Calibre 7.15.0 or later from https://calibre-ebook.com/download.
2. Install the update following standard installation procedures.
3. Restart the Calibre application and content server if running.
🔧 Temporary Workarounds
Disable Content Server
Disable the Calibre content server feature to prevent remote exploitation.
In Calibre GUI: Preferences → Sharing over the net → Uncheck 'Enable content server'
On Linux: kill $(pgrep -f calibre-server)
Network Access Control
Restrict network access to the Calibre content server using firewall rules.
Linux: sudo iptables -A INPUT -p tcp --dport 8080 -j DROP
Windows: netsh advfirewall firewall add rule name="Block Calibre" dir=in action=block protocol=TCP localport=8080
🧯 If You Can't Patch
- Disable Calibre content server immediately and verify it's not running
- Implement strict network segmentation and firewall rules to block all external access to Calibre ports (default 8080)
🔍 How to Verify
Check if Vulnerable:
Check if Calibre version is between 6.9.0 and 7.14.0 AND content server is enabled. Run: calibre --version
Check Version:
calibre --version
Verify Fix Applied:
Verify Calibre version is 7.15.0 or later: calibre --version | grep -E '7\.(1[5-9]|[2-9][0-9])|8\.[0-9]+'
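The grep above matches the banner text with a regular expression; a numeric comparison is less fragile. The script below is an added example written for this page, not a script shipped with Calibre or by this site. It assumes the banner format "calibre (calibre X.Y.Z)" printed by calibre --version and the default content-server port 8080, and it only runs the live check when a calibre binary is installed, so the helper functions can also be exercised offline against a constructed banner.

```shell
#!/bin/sh
# Added example (not from the advisory): a real version comparison against
# the affected range 6.9.0 .. 7.14.0, plus a check for a listener on the
# default content-server port. Assumed banner: "calibre (calibre X.Y.Z)".

# Extract X.Y.Z from a banner such as "calibre (calibre 7.14.0)".
parse_calibre_version() {
    printf '%s\n' "$1" | sed -n 's/.*calibre \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Turn X.Y.Z into one comparable integer: X*1000000 + Y*1000 + Z.
version_key() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Succeeds (returns 0) when VERSION is within 6.9.0 .. 7.14.0 inclusive.
calibre_is_vulnerable() {
    v=$(version_key "$1")
    lo=$(version_key 6.9.0)
    hi=$(version_key 7.14.0)
    if [ "$v" -ge "$lo" ] && [ "$v" -le "$hi" ]; then
        return 0
    fi
    return 1
}

# Succeeds when something is listening on TCP PORT (default 8080).
# Uses ss, falls back to netstat, and reports "not listening" when
# neither tool is available.
content_server_listening() {
    port=${1:-8080}
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | grep -q ":$port "
    elif command -v netstat >/dev/null 2>&1; then
        netstat -ltn 2>/dev/null | grep -q ":$port "
    else
        return 1
    fi
}

# Live check, only when calibre is installed on this host.
if command -v calibre >/dev/null 2>&1; then
    ver=$(parse_calibre_version "$(calibre --version 2>/dev/null)")
    if calibre_is_vulnerable "$ver"; then
        if content_server_listening 8080; then
            echo "calibre $ver is in the affected range and port 8080 is listening: exposed, update to 7.15.0 or later"
        else
            echo "calibre $ver is in the affected range; nothing listening on 8080, but still update to 7.15.0 or later"
        fi
    else
        echo "calibre $ver is outside the affected range"
    fi
fi
```

The version check and the listener check are kept separate on purpose: a content server bound to a non-default port would pass the port check while the install is still vulnerable, so the version comparison is the result that matters and the port check only tells you how urgent the workaround is.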
📡 Detection & Monitoring
Log Indicators:
- Unusual process creation from Calibre server
- Suspicious network connections from Calibre process
- Failed authentication attempts to Calibre content server (though exploit doesn't require auth)
Network Indicators:
- Unexpected outbound connections from Calibre server
- Exploit traffic patterns to Calibre port 8080
- Command and control beaconing from Calibre process
SIEM Query:
process_name:"calibre" AND (process_command_line:"*nc*" OR process_command_line:"*bash*" OR process_command_line:"*powershell*")
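The SIEM query above is a post-ingestion check; the same logic can be run on the host itself against a process listing. The script below is an added example, not part of this advisory or of Calibre, and it generalises the query slightly: instead of matching only direct children, it walks the parent chain so that a shell started by calibre-server and the network tool that shell then launches are both flagged. The process table it runs against is constructed for the example; replace it with the output of ps -eo ppid,pid,comm,args to check a live host.

```shell
#!/bin/sh
# Added example (not from the advisory): flag shells and network tools
# running under a Calibre process, the host-side equivalent of the SIEM
# query. Input is "ps -eo ppid,pid,comm,args" style text.

# Command names that should not normally appear beneath calibre-server.
SUSPICIOUS_CHILDREN='^(sh|bash|dash|zsh|nc|ncat|netcat|curl|wget|python[0-9.]*|perl|powershell)$'

# Reads ps-style lines on stdin and prints "<pid> <comm> <args>" for every
# process whose ancestry (up to 8 levels) contains a calibre process and
# whose command name matches SUSPICIOUS_CHILDREN.
flag_calibre_children() {
    awk -v pat="$SUSPICIOUS_CHILDREN" '
        function under_calibre(p,   d) {
            for (d = 0; d < 8 && (p in parent); d++) {
                p = parent[p]
                if (p in name && name[p] ~ /^calibre/) return 1
            }
            return 0
        }
        NR == 1 { next }                         # skip the ps header line
        {
            ppid = $1; pid = $2; comm = $3; args = ""
            for (i = 4; i <= NF; i++) args = args (i > 4 ? " " : "") $i
            name[pid] = comm; parent[pid] = ppid; cmd[pid] = args
            order[++n] = pid
        }
        END {
            for (k = 1; k <= n; k++) {
                p = order[k]
                if (under_calibre(p) && name[p] ~ pat) print p, name[p], cmd[p]
            }
        }'
}

# Constructed process table (not captured from a real host): a content
# server that spawned a shell, which in turn spawned nc, next to an
# unrelated user shell running a Python script.
SAMPLE_PS='  PPID   PID COMM            ARGS
     1   812 calibre-server  calibre-server /srv/books --port 8080
   812   913 bash            bash -c id
   913   914 nc              nc 203.0.113.5 4444
     1   450 bash            bash
   450   460 python3         python3 script.py'

# Run against the sample; on a live host pipe "ps -eo ppid,pid,comm,args"
# into flag_calibre_children instead.
printf '%s\n' "$SAMPLE_PS" | flag_calibre_children
```

Expect to see the bash process (913) and the nc process (914) reported and nothing else; the unrelated bash and python3 pair is not under a calibre ancestor and stays silent. The 8-level ancestry limit keeps a malformed or cyclic table from looping forever.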