CHT Security Team Discovered a Vulnerability in Well-Known IDE (Integrated Development Environment) Plugin.
【Summary】
CHT Security Team discovered that an IDE (Integrated Development Environment) plugin has a remote code execution vulnerability, which affects domestic and foreign users, enterprises, etc.
【Risk level】
Critical
【Known Affected Software】
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.500
【Description】
Eclipse Target Management: Terminal and Remote System Explorer (RSE) version <= 4.5.500 has a remote code execution vulnerability that does not require authentication. An attacker can use this vulnerability to execute arbitrary OS commands, thereby controlling the system and interrupting services.
CHT Security team recommends the following measures:
After receiving the information, the developer released the relevant updates as soon as possible. If agencies or enterprises use this system, it is recommended to contact the manufacturer as soon as possible for updates.
1. Users: Contact the manufacturer to install the patch as soon as possible.
2. System developers: Input parameters should be checked during program development.
3. System developers: It is recommended to introduce SSDLC (Secure Software Development Life Cycle), conduct secure program development education and training, and regularly perform security tests such as source code review and penetration testing to effectively ensure product and user security.
【Reference】
https://www.cve.org/CVERecord?id=CVE-2024-0740