Nginx Ui
CVE-2024-23828
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This vulnerability has been patched in version 2.0.0.beta.12.
AnalysisAI
Nginx-UI is a web interface to manage Nginx configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-74. Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This vulnerability has been patched in version 2.0.0.beta.12. Affected products include: Nginxui Nginx Ui. Version information: version 2.0.0..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Unauthenticated backup download and RCE in Nginx UI before 2.3.3. EPSS 1.0%. PoC available.
Nginx UI is a web user interface for the Nginx web server. Rated high severity (CVSS 8.9), this vulnerability is remotel
Nginx UI is a web user interface for the Nginx web server. Rated high severity (CVSS 7.7), this vulnerability is remotel
Nginx-UI is a web interface to manage Nginx configurations. Rated critical severity (CVSS 9.8), this vulnerability is re
Nginx UI is a web user interface for the Nginx web server. Rated medium severity (CVSS 5.5), this vulnerability is remot
Nginx-UI is a web interface to manage Nginx configurations. Rated high severity (CVSS 7.1), this vulnerability is remote
Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage i
Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in r
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today