Backdoor in Vesta Control Panel



Risk Critical
Patch available YES
Number of vulnerabilities 1
CVE-ID N/A
CWE-ID CWE-912
Exploitation vector Network
Public exploit This vulnerability is being exploited in the wild.
Vulnerable software
 Vesta Control Panel
Web applications / Remote management & hosting panels

Vendor Vesta Control Panel

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Backdoor

EUVDB-ID: #VU15447

Risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: N/A

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to presence of a backdoor code in the official vendor's repository since May 2018 until at least June 2018. All users that installed vesta panel between May and June are affected.

Mitigation

Install the latest version from vendor's website.

Vulnerable software versions

Vesta Control Panel: 0.9.8-20 - 0.9.8-22

CPE2.3 External links

https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-i...
https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907
https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73920


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###