CVE-2024-48874

Summary

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.

Affected Software

VendorProductVersion RangeStatus
RuijieReyee OS2.206.x < 2.320.xaffected

Weaknesses

  • CWE-918: CWE-918 Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References