Vulnerability Description
A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this is not part of any NGINX software shipped by F5.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jc21 | Nginx Proxy Manager | 2.11.3 |
Related Weaknesses (CWE)
References
- https://github.com/NginxProxyManager/nginx-proxy-manager/blob/v2.11.3/backend/inProduct
- https://github.com/NginxProxyManager/nginx-proxy-manager/commit/99cce7e2b0da2978Product
- https://github.com/NginxProxyManager/nginx-proxy-manager/pull/4073/commits/c39d5Patch
- https://github.com/barttran2k/POC_CVE-2024-46256Exploit
FAQ
What is CVE-2024-46257?
CVE-2024-46257 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add Let's Encrypt Certificate. NOTE: this...
How severe is CVE-2024-46257?
CVE-2024-46257 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-46257?
Check the references section above for vendor advisories and patch information. Affected products include: Jc21 Nginx Proxy Manager.