RULE(RULE ID:338140)

Rule General Information
Release Date: 2024-06-18
Rule Name: Ruijie RG-UAC user_commit.php Remote Code Execution Vulnerability
Severity:
CVE ID:
Rule Protection Details
Description: Ruijie Unified Internet Behavior Management and Audit System is a leading industry product developed independently by Ruijie Networks for managing and auditing internet behaviors. It is deployed in critical network nodes in routing, transparent, bypass, or hybrid modes, conducting comprehensive inspection and analysis of data from layers 2 to 10 for deep recognition.A command execution vulnerability exists in Ruijie RG-UAC, specifically in the user_commit.php interface behind the application management gateway. Attackers can exploit this vulnerability to execute arbitrary commands and gain server privileges.
Impact: An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.
Affected OS: Windows, Linux, Others
Reference:
Solutions
Please contact the software vendor to update the software patch.