Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Dec 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ruijienetworks
Ruijienetworks reyee Os |
|
CPEs | cpe:2.3:o:ruijienetworks:reyee_os:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ruijienetworks
Ruijienetworks reyee Os |
Fri, 06 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Ruijie
Ruijie reyee Os |
|
CPEs | cpe:2.3:o:ruijie:reyee_os:*:*:*:*:*:*:*:* | |
Vendors & Products |
Ruijie
Ruijie reyee Os |
|
Metrics |
ssvc
|
Fri, 06 Dec 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services. | |
Title | Ruijie Reyee OS Server-Side Request Forgery | |
Weaknesses | CWE-918 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2024-12-06T18:22:15.725Z
Updated: 2024-12-06T20:39:47.635Z
Reserved: 2024-11-20T23:41:59.177Z
Link: CVE-2024-48874
Vulnrichment
Updated: 2024-12-06T19:23:15.980Z
NVD
Status : Analyzed
Published: 2024-12-06T19:15:12.933
Modified: 2024-12-10T19:44:16.093
Link: CVE-2024-48874
Redhat
No data.