CVE-2024-58275 is a command injection vulnerability classified under CWE-88 (Improper Neutralization of Argument Delimiters in a Command) affecting Easywall version 0.3.1, a network-related software product by jpylypiw. The vulnerability resides in the /ports-save endpoint, which accepts parameters that are not properly sanitized before being passed to shell commands. This improper neutralization allows an authenticated attacker to inject shell metacharacters and arbitrary commands, leading to remote command execution on the server hosting Easywall. The CVSS 4.0 score of 8.7 reflects a high severity, with an attack vector of network (remote), low attack complexity, no user interaction, and requiring low privileges (authenticated user). The impact on confidentiality, integrity, and availability is high, as arbitrary commands could lead to data exfiltration, system compromise, or denial of service. Although no known exploits are currently reported in the wild, the vulnerability's nature and ease of exploitation make it a significant risk. The lack of available patches at the time of publication necessitates immediate mitigation efforts by affected organizations. The vulnerability is particularly critical for environments where Easywall controls network ports or firewall rules, as attackers could manipulate network configurations or escalate privileges.

For European organizations, the impact of CVE-2024-58275 could be severe, especially for those relying on Easywall 0.3.1 for network management or firewall configurations. Successful exploitation could allow attackers to execute arbitrary commands remotely, potentially leading to full system compromise, data breaches, disruption of network services, or lateral movement within the network. Critical infrastructure sectors such as telecommunications, energy, and government agencies that use Easywall or similar network control tools are at heightened risk. The high severity and ease of exploitation mean that attackers with minimal privileges can cause significant damage, undermining trust in network security and potentially violating data protection regulations like GDPR if personal data is exposed. Additionally, the vulnerability could be leveraged in targeted attacks or ransomware campaigns, amplifying operational and financial impacts.

1. Restrict access to the /ports-save endpoint to trusted administrators only, using network segmentation and strict access controls. 2. Implement strong authentication and session management to prevent unauthorized access. 3. Apply input validation and sanitization on all parameters accepted by the /ports-save endpoint to neutralize shell metacharacters and prevent injection. 4. Monitor logs and network traffic for unusual command execution patterns or unexpected changes in port configurations. 5. If possible, upgrade to a patched version of Easywall once available; until then, consider disabling the vulnerable endpoint or applying custom patches. 6. Employ application-layer firewalls or intrusion detection/prevention systems (IDS/IPS) to detect and block exploitation attempts. 7. Conduct regular security audits and penetration testing focusing on command injection vectors. 8. Educate administrators about the risks of command injection and secure configuration management practices.