CVE-2024-38288

High · Public PoC · RCE

Published: 25 July 2024
Modified: 21 November 2024
KEV Added: not listed
Patch: none referenced
CVSS Score (v3.1): 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.6854 (98.6th percentile)
Risk Priority: 56 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-38288 is a high-severity Command Injection (CWE-77) vulnerability in Rhubcom Turbomeeting. Its CVSS base score is 7.2 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Unix Shell (T1059.004). The CVE ranks in the top 1.4% of CVEs by exploit likelihood (EPSS), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

CVE-2024-38288 is a command-injection vulnerability, tracked under CWE-77, that affects the Certificate Signing Request functionality in R-HUB TurboMeeting through version 8.x. The flaw resides in the handling of CSR input on the server side and carries a CVSS 3.1 score of 7.2.

An attacker who has already obtained administrator credentials can submit a crafted CSR over the network and cause the application to execute arbitrary operating-system commands as root, resulting in full control of the underlying server.

Public references point to a detailed Google security-research advisory (GHSA-gx6g-8mvx-3q5c) and R-HUB product manuals for additional context, though no specific patch or mitigation steps are enumerated in the available references. The associated EPSS score sits at 0.6854 with no documented rise from a lower baseline.

Vulnerability details

A command-injection issue in the Certificate Signing Request (CSR) functionality in R-HUB TurboMeeting through 8.x allows authenticated attackers with administrator privileges to execute arbitrary commands on the underlying server as root.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.
T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1210 Exploitation of Remote Services (Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

Command injection in CSR functionality enables authenticated admins to execute arbitrary Unix shell commands (T1059.004) as root via exploitation of the remote web service (T1210), facilitating privilege escalation (T1068).

Affected Assets

rhubcom turbomeeting, versions ≤ 8.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
