#VU99595 Improper authentication in CyberPanel - CVE-2024-51567
Published: November 1, 2024 / Updated: December 5, 2024
Vulnerability identifier: #VU99595
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2024-51567
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
CyberPanel
CyberPanel
Software vendor:
CyberPanel
CyberPanel
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to improper authentication within upgrademysqlstatus in databases/views.py. A remote non-authenticated attacker can send a specially crafted HTTP POST request to the /dataBases/upgrademysqlstatus endpoint, bypass authentication and execute arbitrary OS commands on the system.
Note, the vulnerability is being actively exploited in the wild.
Remediation
Install update from vendor's repository.
External links
- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
- https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515
- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
- https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
- https://x.com/leak_ix/status/1851608316130025856