CVERadar

CVE-2024-33368

Medium Severity

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00193/1

CVE-2024-33368 is a critical remote code execution vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0. A remote attacker can exploit the vulnerability by injecting malicious code through the build method in DonwloadPromptScreen. This code execution can lead to complete system compromise. While the CVSS score is 0, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a moderate level of risk and potential for exploitation. This vulnerability allows for arbitrary code execution, meaning an attacker could potentially install malware, steal sensitive data, or take control of the affected system. Immediate patching is recommended to mitigate the risks associated with this flaw. The presence of the "In The Wild" tag indicates that this vulnerability is already being actively exploited, making patching a critical priority.

TAGS

In The Wild

VECTOR STRING

PUBLICATION DATE2024-09-27

LAST MODIFIED2024-09-30

SOCRadar

AI Insight

Description

CVE-2024-33368 is a critical vulnerability in Plasmoapp RPShare Fabric mod v.1.0.0 that allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen. This vulnerability has a CVSS score of 8.8, indicating its high severity. However, the SOCRadar Vulnerability Risk Score (SVRS) is only 38, suggesting that the vulnerability is not as critical as the CVSS score indicates. This discrepancy is likely due to the fact that the SVRS takes into account additional factors, such as social media activity, news reports, and dark web data, which may not be reflected in the CVSS score.

Key Insights

This vulnerability is critical and could allow an attacker to take complete control of an affected system.
The vulnerability is not yet being actively exploited in the wild, but it is likely that attackers will develop exploits for it soon.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about this vulnerability, calling for immediate and necessary measures to be taken.

Mitigation Strategies

Update to the latest version of Plasmoapp RPShare Fabric mod (v.1.0.1 or later).
Disable the build method in DonwloadPromptScreen.
Implement a web application firewall (WAF) to block malicious requests.
Monitor your systems for suspicious activity and take appropriate action if necessary.

Additional Information

If you have any additional questions about this incident, you can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-33368 | Plasmoapp RPShare Fabric mod 1.0.0 DonwloadPromptScreen build os command injection

vuldb.com2025-03-09

CVE-2024-33368 | Plasmoapp RPShare Fabric mod 1.0.0 DonwloadPromptScreen build os command injection | A vulnerability, which was classified as critical, was found in Plasmoapp RPShare Fabric mod 1.0.0. This affects the function build of the component DonwloadPromptScreen. The manipulation leads to os command injection. This vulnerability is uniquely identified as CVE-2024-33368. It is possible to initiate

vuldb.com

rss

forum

news

Social Media

CRAC Learning - Tech

@cracbot

2024-10-02

CVE-2024-33368 (CVSS:8.8, HIGH) is Awaiting Analysis. An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method..https://t.co/ufjqQbaDAa #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

CVE

@CVEnew

2024-09-27

CVE-2024-33368 An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build method in DonwloadPromptScreen https://t.co/o9i8jhqY3b

Affected Software

No affected software found for this CVE

References

Reference	Link
[email protected]	https://gist.github.com/apple502j/54e0f80bfe082fd934e33970394adbb8
[email protected]	https://github.com/plasmoapp/RPShare

CWE Details

CWE ID	CWE Name	Description
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence