CVE-2024-21879

URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection.This issue affects Envoy: from 4.x to 8.x and < 8.2.4225.

Remediation

Solution:

Devices are remotely being updated by the vendor.

Workaround:

It is adviced to not expose this device to untrusted network acces. In other words, make sure this decvice is not reachable from the internet, a guest network or a public network.

References

Link	Tags
https://csirt.divd.nl/CVE-2024-21879	third party advisory
https://csirt.divd.nl/DIVD-2024-00011	related third party advisory
https://enphase.com/cybersecurity/advisories/ensa-2024-4	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-21879?: CVE-2024-21879 has been scored as a high severity vulnerability.
How to fix CVE-2024-21879?: To fix CVE-2024-21879: Devices are remotely being updated by the vendor.
Is CVE-2024-21879 being actively exploited in the wild?: It is possible that CVE-2024-21879 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-21879?: CVE-2024-21879 affects Enphase Envoy.

Description

Remediation

Categories

CWE-77 – Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions