Vulnerability identifier: #VU43568
Vulnerability risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-287
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Webmin
Web applications /
Remote management & hosting panels
Vendor: Webmin
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Webmin: 1.140 - 1.580
External links
http://americaninfosec.com/research/index.html
http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf
http://www.kb.cert.org/vuls/id/788478
http://www.securitytracker.com/id?1027507
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf
http://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.