CVE-2024-48874: Ruijie Reyee OS Server-Side Request Forgery

9.8 CVSS

Description

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.

Classification

CVE ID: CVE-2024-48874

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: Ruijie

Product: Reyee OS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 40.72% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01

Timeline

2024-12-07 00:31:24 UTC
CVE

Ruijie Reyee OS Server-Side Request Forgery