#VU99597 Improper Authentication in CyberPanel
Vulnerability identifier: #VU99597
Vulnerability risk: Critical
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-287
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
CyberPanel
Web applications /
Remote management & hosting panels
Vendor: CyberPanel
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper authentication within getresetstatus in dns/views.py. A remote non-authenticated attacker can send a specially crafted HTTP POST request to the /dns/getresetstatus or /ftp/getresetstatus endpoints, bypass authentication and execute arbitrary OS commands on the system.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
CyberPanel: 1.7.2 - 2.3.7
External links
http://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683
http://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/
http://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
http://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
http://x.com/leak_ix/status/1851608316130025856
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
