{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-3738","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-04-12T19:33:35.237Z","datePublished":"2024-04-13T17:31:04.866Z","dateUpdated":"2024-09-03T17:59:26.886Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-04-13T17:31:04.866Z"},"title":"cym1102 nginxWebUI saveCmd handlePath certificate validation","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-295","lang":"en","description":"CWE-295 Improper Certificate Validation"}]}],"affected":[{"vendor":"cym1102","product":"nginxWebUI","versions":[{"version":"3.9.0","status":"affected"},{"version":"3.9.1","status":"affected"},{"version":"3.9.2","status":"affected"},{"version":"3.9.3","status":"affected"},{"version":"3.9.4","status":"affected"},{"version":"3.9.5","status":"affected"},{"version":"3.9.6","status":"affected"},{"version":"3.9.7","status":"affected"},{"version":"3.9.8","status":"affected"},{"version":"3.9.9","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability."},{"lang":"de","value":"Es wurde eine Schwachstelle in cym1102 nginxWebUI bis 3.9.9 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion handlePath der Datei /adminPage/conf/saveCmd. Durch das Beeinflussen des Arguments nginxPath mit unbekannten Daten kann eine improper certificate validation-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-04-12T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-04-12T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-04-12T21:38:53.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.260577","name":"VDB-260577 | cym1102 nginxWebUI saveCmd handlePath certificate validation","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.260577","name":"VDB-260577 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://github.com/cym1102/nginxWebUI/issues/138","tags":["issue-tracking"]},{"url":"https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf","tags":["exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:20:00.901Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.260577","name":"VDB-260577 | cym1102 nginxWebUI saveCmd handlePath certificate validation","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.260577","name":"VDB-260577 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/cym1102/nginxWebUI/issues/138","tags":["issue-tracking","x_transferred"]},{"url":"https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf","tags":["exploit","x_transferred"]}]},{"affected":[{"vendor":"nginxui","product":"nginx_ui","cpes":["cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.9.0","status":"affected"},{"version":"3.9.1","status":"affected"},{"version":"3.9.2","status":"affected"},{"version":"3.9.3","status":"affected"},{"version":"3.9.4","status":"affected"},{"version":"3.9.5","status":"affected"},{"version":"3.9.6","status":"affected"},{"version":"3.9.7","status":"affected"},{"version":"3.9.8","status":"affected"},{"version":"3.9.9","status":"affected"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-03T17:53:20.526229Z","id":"CVE-2024-3738","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-03T17:59:26.886Z"}}]}}