SB2024110139 - Multiple vulnerabilities in CyberPanel
Published: November 1, 2024 Updated: December 5, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Improper authentication (CVE-ID: CVE-2024-51567)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper authentication within upgrademysqlstatus in databases/views.py. A remote non-authenticated attacker can send a specially crafted HTTP POST request to the /dataBases/upgrademysqlstatus endpoint, bypass authentication and execute arbitrary OS commands on the system.
Note, the vulnerability is being actively exploited in the wild.
2) Improper Authentication (CVE-ID: CVE-2024-51378)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper authentication within getresetstatus in dns/views.py. A remote non-authenticated attacker can send a specially crafted HTTP POST request to the /dns/getresetstatus or /ftp/getresetstatus endpoints, bypass authentication and execute arbitrary OS commands on the system.
Remediation
Install update from vendor's website.
References
- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
- https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515
- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
- https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
- https://x.com/leak_ix/status/1851608316130025856
- https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683
- https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/