CVE-2024-6782 — Vulnetix

CVE-2024-6782 PUBLISHED CVSS 9.800000190734863 CRITICAL

Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.

EPSS 93.84% · 99.9th percentile

Risk Scores

CVSS 3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

93.84%

99.9th percentile

Affected Products

Vendor	Product	Versions
calibre	calibre	6.9.0
Calibre	Calibre	6.9.0

Exploit Intelligence

Calibre Remote Code Execution (github-poc)
Calibre Remote Code Execution (github-poc)
Calibre Remote Code Execution (github-poc)
Calibre Remote Code Execution (github-poc)
Calibre Remote Code Execution (github-poc)
Calibre Remote Code Execution (github-poc)
Calibre Remote Code Execution (github-poc)
Unauthenticated remote code execution via Calibre’s content server in Calibre <= 7.14.0. (github-poc)
Unauthenticated remote code execution via Calibre’s content server in Calibre <= 7.14.0. (github-poc)
Unauthenticated remote code execution via Calibre’s content server in Calibre <= 7.14.0. (github-poc)

…and 67 more exploits

Timeline

Jan 20, 1970 VulnCheck XDB Entry
Jan 20, 1970 VulnCheck XDB Entry
Jan 20, 1970 VulnCheck XDB Entry
Jan 21, 1970 VulnCheck XDB Entry
Jul 31, 2024 Metasploit Module
Aug 1, 2024 Nuclei Template
Aug 1, 2024 Fix Commit
Aug 6, 2024 EPSS Score
Aug 6, 2024 CVE Published
Aug 7, 2024 PoC Published
Aug 8, 2024 PoC Published
Aug 8, 2024 CVE Updated

References

https://starlabs.sg/advisories/24/24-6782/ third-party-advisory
https://github.com/kovidgoyal/calibre/commit/38a1bf50d8cd22052ae59c513816706c6445d5e9 patch
https://nvd.nist.gov/vuln/detail/CVE-2024-6782 advisory
https://starlabs.sg/advisories/24/24-6782 url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›