CVE-2023-7304

Vulnerability Description

Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute arbitrary commands on the host. Successful exploitation can yield full control of the application process and may lead to system-level access depending on the service privileges. VulnCheck has observed this vulnerability being targeted by the RondoDox botnet campaign.

Related Weaknesses (CWE)

References

• https://cn-sec.com/archives/2284248.html
• https://www.vulncheck.com/advisories/ruijie-rg-uac-nmc-sync-php-command-injectio

FAQ

What is CVE-2023-7304?

CVE-2023-7304 is a documented vulnerability. Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject she...

How severe is CVE-2023-7304?

CVSS scoring is not yet available for CVE-2023-7304. Check NVD for updates.

Is there a patch for CVE-2023-7304?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.