CRITICAL🇵🇱 Wersja polska

CVE-2024-28211

CVSS 9.8v3.1pub. 2024-03-07upd. 2025-05-07

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.

🤖 AI Analysis
How it works

nGrinder by default does not verify the identity of JMX/RMI servers it connects to. An attacker can substitute a malicious JMX/RMI server and trick the nGrinder client into connecting to it. Through the RMI registry mechanism, untrusted data deserialization occurs (CWE-502), resulting in arbitrary code execution on the victim's side.

Impact

A remote attacker, without any authentication, can execute arbitrary code on a server running nGrinder, gaining full control over the system (violation of confidentiality, integrity, and availability).

Mitigation & patch

nGrinder should be updated to version 3.5.9 or newer. Details are available in the vendor's references at https://cve.naver.com/detail/cve-2024-28211.html

Who is affected

Naver nGrinder in versions before 3.5.9

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Naver Ngrinder

    APP
    Naver
    < 3.5.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2024-28212CRITICAL9.8PL ✓ten sam produkt

RCE w Naver nGrinder — niebezpieczna deserializacja przez SnakeYAML

CVE-2024-28213CRITICAL9.8PL ✓ten sam produkt

RCE przez niebezpieczną deserializację obiektów Java w Naver nGrinder

CVE-2024-28215HIGH7.5ten sam produkt

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access contr...

CVE-2024-28216MEDIUM5.4ten sam produkt

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access contr...

CVE-2016-5060MEDIUM6.1ten sam produkt

Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject ar...