CVERadar

CVE-2024-0740

Medium Severity
Vendor: Eclipse
SVRS: 30/100
CVSSv3: 9.8/10
EPSS: 0.06104/1

CVE-2024-0740 is a critical remote code execution vulnerability affecting Eclipse Target Management: Terminal and Remote System Explorer (RSE) versions 4.5.400 and earlier. It allows unauthenticated attackers to execute arbitrary code on the system. The SVRS score of 30 indicates a lower risk profile than the CVSS score suggests, implying that the threat is not yet widely exploited or easily exploitable, despite being tagged as In The Wild. Even so, the potential for remote code execution makes this a serious concern: successful exploitation could lead to complete system compromise, data theft, or denial of service. Users of affected Eclipse versions should upgrade to Eclipse IDE 2024-03 or later immediately. Although the SVRS score is lower, patching remains crucial because of the inherent danger of RCE vulnerabilities.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-04-26

2025-02-03
SOCRadar AI Insight

Description

CVE-2024-0740 is a remote code execution vulnerability in Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400. This vulnerability does not require authentication, making it highly exploitable. The SVRS for this CVE is 42, indicating a moderate level of risk.

Key Insights

  • High CVSS Score: The CVSS score of 9.8 indicates that this vulnerability is highly critical and can have a severe impact on affected systems.
  • Remote Code Execution: This vulnerability allows attackers to execute arbitrary code on vulnerable systems, giving them complete control over the system.
  • No Authentication Required: The lack of authentication requirement makes this vulnerability even more dangerous, as attackers can exploit it without having to authenticate to the system.

Mitigation Strategies

  • Update to the Fixed Version: Eclipse IDE 2024-03, the fixed version, has been released. Users should update to this version as soon as possible.
  • Disable RSE: If updating to the fixed version is not immediately possible, users can disable RSE to mitigate the risk of exploitation.
  • Implement Network Segmentation: Network segmentation can help to limit the impact of an attack by isolating vulnerable systems from other parts of the network.
  • Use Intrusion Detection and Prevention Systems: Intrusion detection and prevention systems can help to detect and block attacks that exploit this vulnerability.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published for this vulnerability.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.
  • In the Wild: This vulnerability is actively exploited by hackers.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

News

CVE-2024-0740 | Eclipse Target Management up to 4.5.500 os command injection (ID 171)
vuldb.com, 2025-02-04
A vulnerability was found in Eclipse Target Management up to 4.5.500. It has been declared as very critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2024-0740. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

CVE-2024-0740 | Eclipse Target Management up to 4.5.500 os command injection
vuldb.com, 2024-04-26
A vulnerability was found in Eclipse Target Management up to 4.5.500. It has been declared as very critical. This vulnerability affects unknown code. The manipulation leads to os command injection. This vulnerability was named CVE-2024-0740. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Social Media

🚨 Critical vuln in Eclipse Target Management <= 4.5.500: CVE-2024-0740, remote OS command injection. Upgrade ASAP to patch. Assess exposure & monitor for exploit attempts. #cybersecurity

CVE-2024-0740 Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. The fixed version is incl... https://t.co/FbhEWgBfCe

CVE-2024-0740 Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.400 has a remote code execution vulnerability that does not require authentication. … https://t.co/sjznTHNvXA

Affected Software

Configuration 1
Type    Vendor     Product
App     Eclipse    target_management

References

Reference                               Link
AF854A3A-2127-422B-91AE-364DA2661108    https://git.eclipse.org/r/c/tm/org.eclipse.tm/+/202145
AF854A3A-2127-422B-91AE-364DA2661108    https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/171

CWE Details

CWE ID: CWE-78
CWE Name: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Description: The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CWE ID: CWE-77
CWE Name: Improper Neutralization of Special Elements used in a Command ('Command Injection')
Description: The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
