#VU15447 Backdoor in Vesta Control Panel

Cybersecurity Help s.r.o.

Published: 2018-10-19

Vulnerability identifier: #VU15447

Vulnerability risk: Critical

CVSSv4.0: 9.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]

CVE-ID: N/A

CWE-ID: CWE-912

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Vesta Control Panel
Web applications / Remote management & hosting panels

Vendor: Vesta Control Panel

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to presence of a backdoor code in the official vendor's repository since May 2018 until at least June 2018. All users that installed vesta panel between May and June are affected.

Mitigation
Install the latest version from vendor's website.

Vulnerable software versions

Vesta Control Panel: 0.9.8-20 - 0.9.8-22

External links
https://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-i...
https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907
https://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73920

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

Latest bulletins with this vulnerability

Backdoor in Vesta Control Panel