CVE-2024-3799 (GCVE-0-2024-3799)
Vulnerability from cvelistv5
Published
2024-07-10 11:59
Modified
2024-08-28 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Insecure handling of POST header parameter body included in requests being sent to an instance of the open-source project Phoniebox allows an attacker to create a website, which – when visited by a user – will send malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a shell command execution.
This issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable.
Phoniebox in version 3.0 and higher are not affected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:02.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-3798"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/07/CVE-2024-3798"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcefabric:phoniebox:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "phoniebox",
"vendor": "sourcefabric",
"versions": [
{
"lessThanOrEqual": "2.7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "3.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T18:46:29.510103Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T18:48:23.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Phoniebox",
"programFiles": [
"htdocs/inc.setWifi.php"
],
"repo": "https://github.com/MiczFlor/RPi-Jukebox-RFID",
"vendor": "Phoniebox",
"versions": [
{
"lessThanOrEqual": "2.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "3.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-04-15T11:55:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eInsecure handling of POST header parameter \u003ci\u003ebody\u003c/i\u003e\u0026nbsp;included in requests being sent to an instance of the o\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003epen-source project\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003ePhoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emalicious\u003c/span\u003e requests to multiple hosts on the local network. If such a request reaches the server, it will cause a\u0026nbsp;shell command execution.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. \u003cbr\u003ePhoniebox in version 3.0 and higher are not affected. \u003c/p\u003e"
}
],
"value": "Insecure handling of POST header parameter body\u00a0included in requests being sent to an instance of the open-source project\u00a0Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send\u00a0malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a\u00a0shell command execution.\n\n\nThis issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. \nPhoniebox in version 3.0 and higher are not affected."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T09:39:33.226Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/07/CVE-2024-3798"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/07/CVE-2024-3798"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342"
}
],
"source": {
"discovery": "UNKNOWN"
},
"tags": [
"x_open-source"
],
"title": "Shell command injection in Phoniebox",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-3799",
"datePublished": "2024-07-10T11:59:23.581Z",
"dateReserved": "2024-04-15T10:51:29.525Z",
"dateUpdated": "2024-08-28T18:48:23.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-3799\",\"sourceIdentifier\":\"cvd@cert.pl\",\"published\":\"2024-07-10T12:15:10.180\",\"lastModified\":\"2024-11-21T09:30:25.563\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insecure handling of POST header parameter body\u00a0included in requests being sent to an instance of the open-source project\u00a0Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send\u00a0malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a\u00a0shell command execution.\\n\\n\\nThis issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. \\nPhoniebox in version 3.0 and higher are not affected.\"},{\"lang\":\"es\",\"value\":\"El manejo inseguro del cuerpo del par\u00e1metro del encabezado POST incluido en las solicitudes que se env\u00edan a una instancia del proyecto de c\u00f3digo abierto Phoniebox permite a un atacante crear un sitio web que, cuando lo visita un usuario, enviar\u00e1 solicitudes maliciosas a m\u00faltiples hosts en la red local. Si dicha solicitud llega al servidor, provocar\u00e1 la ejecuci\u00f3n de un comando de shell. Este problema afecta a Phoniebox en todas las versiones hasta la 2.7. Las versiones m\u00e1s recientes no se probaron, pero tambi\u00e9n podr\u00edan ser vulnerables.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cvd@cert.pl\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnerableSystemConfidentiality\":\"HIGH\",\"vulnerableSystemIntegrity\":\"HIGH\",\"vulnerableSystemAvailability\":\"HIGH\",\"subsequentSystemConfidentiality\":\"NONE\",\"subsequentSystemIntegrity\":\"NONE\",\"subsequentSystemAvailability\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirements\":\"NOT_DEFINED\",\"integrityRequirements\":\"NOT_DEFINED\",\"availabilityRequirements\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnerableSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedVulnerableSystemIntegrity\":\"NOT_DEFINED\",\"modifiedVulnerableSystemAvailability\":\"NOT_DEFINED\",\"modifiedSubsequentSystemConfidentiality\":\"NOT_DEFINED\",\"modifiedSubsequentSystemIntegrity\":\"NOT_DEFINED\",\"modifiedSubsequentSystemAvailability\":\"NOT_DEFINED\",\"safety\":\"NOT_DEFINED\",\"automatable\":\"NOT_DEFINED\",\"recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"cvd@cert.pl\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://cert.pl/en/posts/2024/07/CVE-2024-3798\",\"source\":\"cvd@cert.pl\"},{\"url\":\"https://cert.pl/posts/2024/07/CVE-2024-3798\",\"source\":\"cvd@cert.pl\"},{\"url\":\"https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342\",\"source\":\"cvd@cert.pl\"},{\"url\":\"https://cert.pl/en/posts/2024/07/CVE-2024-3798\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert.pl/posts/2024/07/CVE-2024-3798\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://cert.pl/en/posts/2024/07/CVE-2024-3798\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://cert.pl/posts/2024/07/CVE-2024-3798\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342\", \"tags\": [\"issue-tracking\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:20:02.008Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3799\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-28T18:46:29.510103Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:sourcefabric:phoniebox:*:*:*:*:*:*:*:*\"], \"vendor\": \"sourcefabric\", \"product\": \"phoniebox\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.7\"}, {\"status\": \"unaffected\", \"version\": \"3.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"*\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-28T18:48:18.926Z\"}}], \"cna\": {\"tags\": [\"x_open-source\"], \"title\": \"Shell command injection in Phoniebox\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-88\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-88 OS Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/MiczFlor/RPi-Jukebox-RFID\", \"vendor\": \"Phoniebox\", \"product\": \"Phoniebox\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.7\"}, {\"status\": \"unaffected\", \"version\": \"3.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"htdocs/inc.setWifi.php\"], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2024-04-15T11:55:00.000Z\", \"references\": [{\"url\": \"https://cert.pl/en/posts/2024/07/CVE-2024-3798\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://cert.pl/posts/2024/07/CVE-2024-3798\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/MiczFlor/RPi-Jukebox-RFID/issues/2342\", \"tags\": [\"issue-tracking\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Insecure handling of POST header parameter body\\u00a0included in requests being sent to an instance of the open-source project\\u00a0Phoniebox allows an attacker to create a website, which \\u2013 when visited by a user \\u2013 will send\\u00a0malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a\\u00a0shell command execution.\\n\\n\\nThis issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. \\nPhoniebox in version 3.0 and higher are not affected.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eInsecure handling of POST header parameter \u003ci\u003ebody\u003c/i\u003e\u0026nbsp;included in requests being sent to an instance of the o\u003c/span\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003epen-source project\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003ePhoniebox allows an attacker to create a website, which \\u2013 when visited by a user \\u2013 will send\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003emalicious\u003c/span\u003e requests to multiple hosts on the local network. If such a request reaches the server, it will cause a\u0026nbsp;shell command execution.\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. \u003cbr\u003ePhoniebox in version 3.0 and higher are not affected. \u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6\", \"shortName\": \"CERT-PL\", \"dateUpdated\": \"2024-07-12T09:39:33.226Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-3799\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-28T18:48:23.868Z\", \"dateReserved\": \"2024-04-15T10:51:29.525Z\", \"assignerOrgId\": \"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6\", \"datePublished\": \"2024-07-10T11:59:23.581Z\", \"assignerShortName\": \"CERT-PL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…