CVE-2024-23828

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published: Jan 29, 2024
Updated: Feb 8, 2024
CWE ID: 74

Summary

CVE-2024-23828 is a vulnerability affecting Nginx-UI, a web interface for managing Nginx configurations. It allows authenticated attackers to execute arbitrary commands via CRLF injection into the test_config_cmd or start_cmd fields. The vulnerability stems from an incomplete fix for the previously reported vulnerabilities CVE-2024-22197 and CVE-2024-22198. Nginx-UI users are advised to update to version 2.0.0.beta.12 to mitigate this risk.
