CVERadar

CVE-2024-23692

Severity: High
Vendor: Rejetto
SVRS: 50/100
CVSSv3: 9.8/10
EPSS: 0.94282/1

CVE-2024-23692 is a critical template injection vulnerability in Rejetto HTTP File Server (HFS) version 2.3m that allows unauthenticated remote attackers to execute arbitrary commands. Although the CVSS score is high at 9.8, the SOCRadar Vulnerability Risk Score (SVRS) is 50, indicating moderate risk, possibly because the software is unsupported; public exploits are nonetheless available. The vulnerability is a significant threat because an attacker can gain complete control of the affected system by sending a crafted HTTP request. Given that exploits are available, organizations still running this outdated software are at immediate risk. The case highlights the dangers of relying on unsupported software. Immediate action is required: update the software or discontinue its use.

Tags: In The Wild, Exploit Available, CISA KEV, Third-party-advisory, Technical-description

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2024-05-31

2025-02-13

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692 | https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692 | 2024-07-10
Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability | https://www.cisa.gov/search?g=CVE-2024-23692 | 2024-07-09
999gawkboyy/CVE-2024-23692_Exploit | https://github.com/999gawkboyy/CVE-2024-23692_Exploit | 2025-03-06
Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE) | http://rejetto.com/hfs/ | 2025-03-28
0x20c/CVE-2024-23692-EXP | https://github.com/0x20c/CVE-2024-23692-EXP | 2024-06-18
NingXin2002/HFS2.3_poc | https://github.com/NingXin2002/HFS2.3_poc | 2024-12-21
pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692- | https://github.com/pradeepboo/Rejetto-HFS-2.x-RCE-CVE-2024-23692- | 2024-07-10

News

Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY
2024-11-21, recordedfuture.com
TAG-110, a Russia-aligned threat group, targets organizations across Asia and Europe using HATVIBE and CHERRYSPY malware for espionage. Learn how Recorded Future's analysis uncovers the group's tactics, techniques, and indicators of compromise. Summary: Insikt Group has identified an ongoing cyber-espionage campaign conducted by TAG-110, a Russia-aligned threat group targeting organizations in
Russian TAG-110 Attacking Users With HATVIBE And CHERRYSPY Hacking Tools
Guru Baran, 2024-11-24, cybersecuritynews.com
TAG-110, a threat group affiliated with Russia, is conducting an ongoing cyber-espionage effort targeting Central Asia, East Asia, and European organizations. The group mainly targets government agencies, human rights organizations, and educational institutions with custom malware, such as HATVIBE and CHERRYSPY. Further, the activities of TAG-110 most likely form a part of a larger Russian [...]
CVE-2024-23692 | Rejetto HTTP File Server up to 2.3m HTTP Request special elements used in a template engine (Nessus ID 211465)
2024-11-16, vuldb.com
A vulnerability has been found in Rejetto HTTP File Server up to 2.3m and classified as very critical. This vulnerability affects unknown code of the component HTTP Request Handler. The manipulation leads to improper neutralization of special elements used in a template engine. NOTE: This vulnerability only affects products that
Ukraine CERT-UA reveals cyberattack by UAC-0063 group on scientific institution, linked to Russian APT28 - IndustrialCyber
2024-07-24, google.com
The Ukraine Computer Emergency Response Team (CERT-UA) disclosed information about a cyberattack conducted by the UAC-0063 group, which targeted a Ukrainian scientific research institution earlier this month using the Hatvibe and Cherryspy malware. The agency has identified with medium confidence that the activities of UAC-0063 are linked to those of the APT28 group (UAC-0001), which is associated with the State Department of the Armed Forces of the Russian Federation. "At the stage of the initial attack, the
Must Read - Security Affairs
2023-08-27, google.com
SideWinder phishing campaign targets maritime facilities in multiple countries. The APT group SideWinder launched a new espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012; the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. In the 2022 [...] A crafty phishing campaign targets Microsoft OneDrive users. Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the
Must Read - Security Affairs
2023-08-27 16:37:21, https://securityaffairs.com/must-read (via google.com)
A crafty phishing campaign targets Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. Threat actors rely on social engineering tactics to trick users into executing a PowerShell script, which leads to [...]
Must Read - Security Affairs
2023-08-27, google.com
Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085. Microsoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi. Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi. "Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full [...] Acronis Cyber Infrastructure bug actively exploited in the wild. Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that

Social Media

GitHub - verylazytech/CVE-2024-23692: POC - Unauthenticated RCE Flaw in Rejetto HTTP File Server - CVE-2024-23692 https://t.co/JA1xJI5llh

2/5 South Korean firm AhnLab detected the attacks in July but did not initially link them to APT28. The Rejetto vulnerability (CVE-2024-23692) was soon added to CISA's KEV database. #CyberThreats #APT28 #Rejetto #CVE202423692

CERT-UA has alerted of a new spear-phishing campaign targeting a Ukrainian research institution with #malware named HATVIBE and CHERRYSPY, exploiting a CVE-2024-23692 #vulnerability. https://t.co/h1B5f14o4n #infosec #cybersecurity

CERT-UA has alerted of a new spear-phishing campaign targeting a Ukrainian research institution with #malware named HATVIBE and CHERRYSPY, exploiting a CVE-2024-23692 #vulnerability. Learn more: https://t.co/dOO2ZUn5Vx #infosec #cybersecurity

TheHackersNews: CERT-UA has alerted of a new spear-phishing campaign targeting a Ukrainian research institution with #malware named HATVIBE and CHERRYSPY, exploiting a CVE-2024-23692 #vulnerability. Learn more: https://t.co/qjiaik7L6o #infosec #cybersecurity

CERT-UA has alerted of a new spear-phishing campaign targeting a Ukrainian research institution with #malware named HATVIBE and CHERRYSPY, exploiting a CVE-2024-23692 #vulnerability. With threat actors becoming increasingly sophisticated, continuous vigilance and advanced https://t.co/w7sxFKUkz7

🚨 CVE-2024-23692: Critical vuln in Rejetto HTTP File Server up to 2.3m. Improper neutralization of template engine elements. Patch immediately if using affected unsupported versions. #CyberSecurity #Patching

Rejetto HFS 2 - CVE-2024-23692 https://t.co/cJQsPlmRc3

Malicious actors are exploiting CVE-2024-23692 in HTTP File Servers (HFS) by #Rejetto, allowing remote command execution without authentication. Read more: https://t.co/7y6m3rYRph #CyberSecurity #CVE202423692 #HFS #InfoSec https://t.co/3gBCpwnhjU

Alert: Security flaw CVE-2024-23692 in HTTP File Servers allows remote command execution, leading to Monero (XMR) mining malware deployment. Users urged to update HFS to protect data and systems. #monero https://t.co/MSD4GeEr8m https://t.co/UG757hDkLc

Affected Software

Configuration 1
Type | Vendor | Product
App | Rejetto | http_file_server

References

https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/
https://vulncheck.com/advisories/rejetto-unauth-rce
https://github.com/rapid7/metasploit-framework/pull/19240
https://www.vicarius.io/vsociety/posts/unauthenticated-rce-flaw-in-rejetto-http-file-server-cve-2024-23692

CWE Details

CWE ID | CWE Name | Description
CWE-94 | Improper Control of Generation of Code ('Code Injection') | The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-1336 | Improper Neutralization of Special Elements Used in a Template Engine | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine.
