CVE-2024-23827

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 29, 2024
Updated: Feb 8, 2024
CWE ID 22

Summary

CVE-2024-23827 is a vulnerability affecting Nginx-UI, a web interface for managing Nginx configurations. The Import Certificate feature in this software is susceptible to arbitrary file writes due to insufficient input validation. Attackers can exploit this vulnerability by providing malicious certificate data, which is then saved to arbitrary system paths. This issue could potentially be leveraged for remote code execution, specifically by overwriting the app.ini configuration file. The vulnerability has been addressed in version 2.0.0.beta.12 of Nginx-UI.
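The two checks whose absence the summary describes (where the file is written and what is written), as an added example in Go; this is not Nginx-UI's code or its actual fix. The function names `safeCertPath` and `normalizePEM` and the root directory `/etc/nginx/ssl` are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// safeCertPath resolves userPath under root and rejects results outside it (CWE-22).
func safeCertPath(root, userPath string) (string, error) {
	full := filepath.Clean(userPath)
	if !filepath.IsAbs(full) {
		full = filepath.Join(root, full)
	}
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("path %q is outside %s", userPath, root)
	}
	return full, nil
}

// normalizePEM accepts only header-less PEM blocks of wantType and returns their
// re-encoding, so bytes outside a block never reach the file.
func normalizePEM(data []byte, wantType string) ([]byte, error) {
	rest := bytes.TrimSpace(data)
	if !bytes.HasPrefix(rest, []byte("-----BEGIN ")) {
		return nil, errors.New("input does not start with a PEM block")
	}
	var out bytes.Buffer
	for len(rest) > 0 {
		block, tail := pem.Decode(rest)
		if block == nil || block.Type != wantType || len(block.Headers) > 0 {
			return nil, errors.New("unexpected or malformed PEM content")
		}
		out.Write(pem.EncodeToMemory(block))
		rest = bytes.TrimSpace(tail)
	}
	return out.Bytes(), nil
}

func main() {
	// Constructed inputs; /etc/nginx/ssl is an assumed certificate root.
	for _, p := range []string{"site/cert.pem", "../../app.ini", "/tmp/app.ini"} {
		_, err := safeCertPath("/etc/nginx/ssl", p)
		fmt.Printf("%-16s rejected=%v\n", p, err != nil)
	}
}
```

The path check is lexical only: it does not resolve symlinks inside the root, and `normalizePEM` checks PEM framing, not that the block parses as an X.509 certificate.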
