CVERadar

CVE-2024-37942

High Severity

Berqier

SVRS

66/100

CVSSv3

7.2/10

EPSS

0.00147/1

CVE-2024-37942: A Server-Side Request Forgery (SSRF) vulnerability exists in Berqier Ltd's BerqWP, affecting versions up to 1.7.5. This flaw allows attackers to potentially make requests to internal resources that would normally be inaccessible. Despite a CVSS score of 7.2, the SOCRadar Vulnerability Risk Score (SVRS) is 66, indicating a moderate risk level for this specific vulnerability based on threat actor activity and exploit availability. While not critical, this vulnerability could be exploited to access sensitive data or internal services. Given the 'In The Wild' tag, organizations using BerqWP should investigate and apply available patches or mitigations to reduce the attack surface. The SSRF nature of CVE-2024-37942 poses a significant risk to internal network security.

TAGS

In The Wild

VECTOR STRING

CVSS:3.1

AV:N

AC:L

PR:N

UI:N

S:C

C:L

I:L

A:N

PUBLICATION DATE2024-07-22

LAST MODIFIED2024-08-14

SOCRadar

AI Insight

Description

CVE-2024-37942 is a Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP, affecting versions from n/a through 1.7.5. SSRF vulnerabilities allow an attacker to make requests to internal systems or resources that would normally be inaccessible, potentially leading to sensitive data exposure or system compromise.

Key Insights

SVRS Score of 34: While the CVSS score of 7.2 indicates a medium severity, the SVRS score of 34 suggests that this vulnerability poses a moderate risk to organizations.
Exploit Status: Active exploits have been published, indicating that attackers are actively exploiting this vulnerability.
CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of this vulnerability, calling for immediate and necessary measures.
In the Wild: The vulnerability is actively exploited by hackers, making it crucial for organizations to take immediate action.

Mitigation Strategies

Update Software: Update BerqWP to the latest version (1.7.6) to patch the vulnerability.
Implement Web Application Firewall (WAF): Configure a WAF to block malicious requests and prevent SSRF attacks.
Restrict Access to Internal Resources: Limit access to internal systems and resources to prevent unauthorized access through SSRF vulnerabilities.
Monitor Network Traffic: Monitor network traffic for suspicious activity and investigate any anomalies that may indicate an SSRF attack.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-37942 | Berqier BerqWP Plugin up to 1.7.5 on WordPress server-side request forgery

vuldb.com2024-07-22

CVE-2024-37942 | Berqier BerqWP Plugin up to 1.7.5 on WordPress server-side request forgery | A vulnerability, which was classified as critical, has been found in Berqier BerqWP Plugin up to 1.7.5 on WordPress. This issue affects some unknown processing. The manipulation leads to server-side request forgery. The identification of this vulnerability is CVE-2024-37942. The attack may be initiated remotely. There is no exploit available.

cve-2024-37942

domains

urls

cves

Social Media

CRAC Learning - Tech

@cracbot

2024-07-26

CVE-2024-37942 (CVSS:7.2, HIGH) is Undergoing Analysis. Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.This issue affects BerqWP: from n/a through 1.7.5..https://t.co/PgqHzckkzh #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

Vulmon Vulnerability Feed

@VulmonFeeds

2024-07-22

CVE-2024-37942 SSRF Vulnerability in BerqWP Versions Up to 1.7.5 A Server-Side Request Forgery (SSRF) vulnerability is present in Berqier Ltd BerqWP. BerqWP versions from unspecified initial release through 1.7.5... https://t.co/3e10RTk3rv

CVE

@CVEnew

2024-07-22

CVE-2024-37942 Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.This issue affects BerqWP: from n/a through 1.7.5. https://t.co/WZCRCpGKpM

Affected Software

Configuration 1

Type	Vendor	Product
App	Berqier	berqwp

References

Reference	Link
[email protected]	https://patchstack.com/database/vulnerability/searchpro/wordpress-berqwp-plugin-1-7-5-unauthenticated-non-blind-server-side-request-forgery-ssrf-vulnerability?_s_id=cve

CWE Details

CWE ID	CWE Name	Description
CWE-918	Server-Side Request Forgery (SSRF)	The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence