{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-47791","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2024-11-20T23:41:59.164Z","datePublished":"2024-12-06T18:16:07.652Z","dateUpdated":"2024-12-06T20:40:14.508Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Reyee OS","vendor":"Ruijie","versions":[{"lessThan":"2.320.x","status":"affected","version":"2.206.x","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"Tomer Goldschmidt and Noam Moshe of Claroty Team82 reported these vulnerabilities to CISA."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices.</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>\n\n</span>"}],"value":"Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.7,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-155","description":"CWE-155","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2024-12-06T18:16:07.652Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-338-01"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Ruijie reports that the issues have been fixed on the cloud and no action is needed by end users. However, CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:</p><ul><li>Minimize network exposure for all control system devices and/or systems, ensuring they are <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01\">not accessible from the internet</a>.</li><li>Locate control system networks and remote devices behind firewalls and isolating them from business networks.</li><li>When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.</li></ul>\n\n<br>"}],"value":"Ruijie reports that the issues have been fixed on the cloud and no action is needed by end users. However, CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:\n\n  *  Minimize network exposure for all control system devices and/or systems, ensuring they are  not accessible from the internet https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 .\n  *  Locate control system networks and remote devices behind firewalls and isolating them from business networks.\n  *  When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices."}],"source":{"advisory":"ICSA-24-338-01","discovery":"EXTERNAL"},"title":"Ruijie Reyee OS Improper Neutralization of Wildcards or Matching Symbols","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"affected":[{"vendor":"ruijie","product":"reyee_os","cpes":["cpe:2.3:o:ruijie:reyee_os:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"2.206.x","status":"affected","lessThan":"2.320.x","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-12-06T19:21:35.726420Z","id":"CVE-2024-47791","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-12-06T20:40:14.508Z"}}]}}