CVE-2024-42494

Name of the Vulnerable Software and Affected Versions Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x

Description The issue is related to inadequate access control, allowing remote attackers to disclose protected information. This could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services.

Recommendations For Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x, consider restricting access to sensitive information and cloud accounts until a patch is available. As a temporary workaround, limit the use of features that could enable sub accounts or attackers to view and exfiltrate sensitive information. Avoid using the affected Ruijie Reyee OS versions for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.