CVE-2024-6782
Published: 2024-08-06
Improper access control in Calibre 6.9.0 ~ 7.14.0 allows unauthenticated attackers to achieve remote code execution.
Priority: P1 · 94 · critical · CVSS 3.1 base score 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Tags: ITW · exploit available · VulnCheck KEV · initial access
Exploited in the wild
EPSS: 83.39% (99.6th percentile)
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| calibre | calibre | >= 0 < 6.13.0+repack-2+deb12u4 | 6.13.0+repack-2+deb12u4 |
| calibre | calibre | >= 0 < 7.16.0+ds-1 | 7.16.0+ds-1 |
| calibre | calibre | >= 0 < 7.16.0+ds-1 | 7.16.0+ds-1 |
| calibre | calibre | 6.9.0 – 7.14.0 | — |
| debian | calibre | < calibre 6.13.0+repack-2+deb12u4 (bookworm) | calibre 6.13.0+repack-2+deb12u4 (bookworm) |
Detection & IOCs (extracted from sources)

Command observed in the public proof of concept (python):

```python
def evaluate(a, b):
    import subprocess
    try:
        return subprocess.check_output(['cmd.exe', '/c', 'whoami'])
    except Exception:
        return subprocess.check_output(['sh', '-c', 'whoami'])
```
Detections:
- Alert on Calibre content server traffic on TCP port 8080 from unauthenticated sources, especially where the Content-Type is application/json and the body contains 'subprocess' or 'evaluate'.
- Use Shodan/FOFA queries to identify exposed Calibre content servers: Shodan query 'html:"Calibre"' and FOFA query '"Server: calibre"'.
- Match HTTP 200 JSON responses containing the regex pattern b'([^']+) following a POST to /cdb/cmd/list; this indicates successful command output returned from the injected payload.

Context:
- The Calibre content server is disabled by default; exploitation is only possible if the administrator has explicitly enabled it.
- The vulnerable version range spans Calibre 6.9.0 through 7.14.0; the Metasploit module references up to 7.15.0, so detections should cover this full range.
- The injected payload executes in the same OS user context as the Calibre process; impact severity depends on the privilege level of the running Calibre instance.
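The first and third detection bullets above can be turned into a small log-scanning rule. The following is an added example, not code from any of the indexed sources; it assumes a hypothetical log format in which each HTTP exchange is one dict with `port`, `method`, `path`, `content_type`, `authenticated`, `status`, `body` and `response` fields, and the sample records are constructed, not real captures. It applies the page's own indicators (unauthenticated JSON POST to port 8080 mentioning 'subprocess' or 'evaluate'; a 200 response to POST /cdb/cmd/list matching b'([^']+)) and returns what matched per record.

```python
import re

# Indicators taken from the detection bullets. The log-record layout is a
# constructed, hypothetical one; map the field names onto whatever proxy or
# IDS log you actually have.
CONTENT_SERVER_PORT = 8080
REQUEST_KEYWORDS = ("subprocess", "evaluate")
CMD_PATH = re.compile(r"^/cdb/cmd/")
# The page's own regex for bytes output echoed back in a JSON response.
OUTPUT_PATTERN = re.compile(r"b'([^']+)")


def request_indicators(rec):
    """Return the list of matched indicators for one log record (empty if clean)."""
    hits = []
    # Indicator 1: unauthenticated JSON POST to the content server whose body
    # mentions 'subprocess' or 'evaluate'.
    if (rec["port"] == CONTENT_SERVER_PORT
            and rec["method"] == "POST"
            and not rec["authenticated"]
            and rec["content_type"].startswith("application/json")):
        found = [kw for kw in REQUEST_KEYWORDS if kw in rec["body"]]
        if found:
            hits.append("json_body_keywords:" + ",".join(found))
    # Indicator 3: HTTP 200 response to POST /cdb/cmd/... that carries
    # b'...' output, i.e. the result of a command that ran server-side.
    if (rec["method"] == "POST"
            and CMD_PATH.match(rec["path"])
            and rec["status"] == 200):
        m = OUTPUT_PATTERN.search(rec["response"])
        if m:
            hits.append("command_output:" + m.group(1))
    return hits


def scan(records):
    """Return [(index, indicators)] for every record that matched something."""
    flagged = []
    for i, rec in enumerate(records):
        hits = request_indicators(rec)
        if hits:
            flagged.append((i, hits))
    return flagged


# Constructed sample traffic (not real captures): a benign page load, one
# request/response pair that trips both indicators, and an authenticated
# library query that must not be flagged.
SAMPLE_RECORDS = [
    {"port": 8080, "method": "GET", "path": "/", "content_type": "text/html",
     "authenticated": False, "status": 200, "body": "", "response": "<html>"},
    {"port": 8080, "method": "POST", "path": "/cdb/cmd/list",
     "content_type": "application/json", "authenticated": False, "status": 200,
     "body": '["evaluate", "subprocess"]',
     "response": "{\"result\": \"b'example-user\\n'\"}"},
    {"port": 8080, "method": "POST", "path": "/cdb/cmd/list",
     "content_type": "application/json", "authenticated": True, "status": 200,
     "body": '["title"]', "response": "[]"},
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_RECORDS):
        print(f"record {index}: {'; '.join(hits)}")
```

Only the second constructed record is reported, with both indicators. The keyword check is deliberately crude (a substring match, as the bullet describes), so expect some noise from legitimate library queries that happen to contain those words; pairing it with the response-side b'...' match, as the third bullet suggests, is what gives a confident hit.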
CVSS provenance

| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | 9.8 | CRITICAL | |
| vulncheck | 9.8 | CRITICAL | |
| vendor_debian | 9.8 | CRITICAL | |
GHSA
GHSA-g8v6-86f6-jj9q: Improper access control in Calibre 6
Source: ghsa_unreviewed · 2024-08-06 · CRITICAL · CWE-863
OSV
CVE-2024-6782: Improper access control in Calibre 6
Source: osv · 2024-08-06 · CVSS 9.8 · CRITICAL
VulnCheck
calibre-ebook calibre Incorrect Authorization
Source: vulncheck · 2024 · CVSS 9.8 · CRITICAL
Affected: calibre-ebook calibre
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.loginsoft.com/reports/annually/vulnerability-intelligence-report-2025
Exploit PoC: https://vulncheck.com/xdb/adeee3c5349c; https://vulncheck.com/xdb/80a457eddffd; https://vulncheck.com/xdb/5b98c7c05cc1; https://vulncheck.com/xdb/d69210335865
Debian
CVE-2024-6782: calibre - Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attacker...
Source: vendor_debian · 2024 · CVSS 9.8 · CRITICAL
Scope: local
bookworm: resolved (fixed in 6.13.0+repack-2+deb12u4)
bullseye: resolved
forky: resolved (fixed in 7.16.0+ds-1)
sid: resolved (fixed in 7.16.0+ds-1)
trixie: resolved (fixed in 7.16.0+ds-1)
No detection rules found.
Nuclei
Calibre <= 7.14.0 Remote Code Execution
Source: nuclei · CVSS 9.8 · CRITICAL
Unauthenticated remote code execution via Calibre’s content server in Calibre <= 7.14.0.

Template:

```yaml
id: CVE-2024-6782

info:
  name: Calibre <= 7.14.0 Remote Code Execution
  author: DhiyaneshDK
  severity: critical
  description: |
    Unauthenticated remote code execution via Calibre’s content server in Calibre <= 7.14.0.
  impact: |
    Unauthenticated attackers can execute arbitrary Python code through the content server's template functionality, achieving complete system compromise.
  remediation: |
    Update Calibre to version 7.15.0 or later to address the remote code execution vulnerability.
  reference:
    - https://starlabs.sg/advisories/24/24-6781/
  classification:
    cve-id: CVE-2024-6782
    cwe-id: CWE-863
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-
# (template is cut off here in the indexed source)
```
Metasploit
Calibre Python Code Injection (CVE-2024-6782)
Source: metasploit · CVSS 9.8 · CRITICAL
This module exploits a Python code injection vulnerability in the Content Server component of Calibre v6.9.0 - v7.15.0. Once enabled (disabled by default), it will listen in its default configuration on all network interfaces on TCP port 8080 for incoming traffic, and does not require any authentication. The injected payload will get executed in the same context under which Calibre is being executed.
No writeups or analysis indexed.
Timeline: 2024-08-06 published · exploited in the wild