|Number of vulnerabilities||1|
|CWE ID|| CWE-287
|Public exploit||This vulnerability is being exploited in the wild.|
Vesta Control Panel
Web applications / Remote management & hosting panels
|Vendor||Vesta Control Panel|
This security advisory describes one critical risk vulnerability.
The vulnerability allows a remote attacker to bypass authentication checks and gain full access to the affected system.
The vulnerability exists due to import validation of the authentication credentials in Vesta CP management interface. A remote unauthenticated attacker can send a specially crafted HTTP request to Vesta CP management interface, bypass authentication and gain full control over the affected server.
Note: this vulnerability is being actively exploited in the wild.
The attack was reportedly performed from IP addresses, located in China. The attackers created a file "/etc/cron.hourly/gcc.sh" on infected systems. If this file is present on your server, it means that you system has been compromised.
Install update from Vesta GIT repository:
Vesta Control Panel: 0.9.8-1, 0.9.8-2, 0.9.8-3, 0.9.8-4, 0.9.8-5, 0.9.8-6, 0.9.8-7, 0.9.8-8, 0.9.8-9, 0.9.8-10, 0.9.8-11, 0.9.8-12, 0.9.8-13, 0.9.8-14, 0.9.8-15, 0.9.8-16, 0.9.8-17, 0.9.8-18, 0.9.8-19CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.