CVE-2024-23692
Rejetto HTTP File Server 2.3m Unauthenticated RCE
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
| CWE | CWE-1336 |
| Vendor | rejetto |
| Product | http file server |
| Published | May 31, 2024 |
| Last Updated | Nov 22, 2025 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for rejetto http file server
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2024-23692.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Rejetto / HTTP File Server
0 โค 2.3m
References
vulncheck.com: https://vulncheck.com/advisories/rejetto-unauth-rce mohemiv.com: https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/ github.com: https://github.com/rapid7/metasploit-framework/pull/19240 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-23692 vicarius.io: https://www.vicarius.io/vsociety/posts/unauthenticated-rce-flaw-in-rejetto-http-file-server-cve-2024-23692 vicarius.io: https://www.vicarius.io/vsociety/posts/cve-2024-23692-detect-rejetto-hfs-vulnerability vicarius.io: https://www.vicarius.io/vsociety/posts/cve-2024-23692-rejetto-hfs-mitigate-vulnerability
Credits
Arseniy Sharoglazov