CVE-2024-22198

HIGH

Nginx-UI < 2.0.0.beta.9 - Authenticated Remote Code Execution via Terminal Start Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-22198. PoCs published by xiw1ll.

AI-analyzed exploit summary This repository contains a Python script that checks if a given Nginx-UI instance is vulnerable to CVE-2024-22198 by comparing its version against the patched version (2.0.0.beta.9). It does not include exploit code but provides a version-checking mechanism.

Description

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.

Exploits (1)

nomisec SCANNER

by xiw1ll · poc

https://github.com/xiw1ll/CVE-2024-22198_Checker

View Code ZIP pw:eip

This repository contains a Python script that checks if a given Nginx-UI instance is vulnerable to CVE-2024-22198 by comparing its version against the patched version (2.0.0.beta.9). It does not include exploit code but provides a version-checking mechanism.

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Nginx-UI < 2.0.0.beta.9

No auth needed

Prerequisites: Network access to the Nginx-UI web interface

MITRE ATT&CK