Backdoor in Vesta Control Panel



Published: 2018-10-19
Risk: Critical
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: N/A
CWE-ID: CWE-912
Exploitation vector: Network
Public exploit: This vulnerability is being exploited in the wild.
Vulnerable software
Vesta Control Panel
Web applications / Remote management & hosting panels

Vendor: Vesta Control Panel

Security Bulletin

This security bulletin contains one critical risk vulnerability.

1) Backdoor

EUVDB-ID: #VU15447

Risk: Critical

CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-912 - Hidden Functionality (Backdoor)

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to the presence of backdoor code in the vendor's official repository from May 2018 until at least June 2018. All users who installed Vesta Control Panel between May and June are affected.

Mitigation

Install the latest version from the vendor's website.

Vulnerable software versions

Vesta Control Panel: 0.9.8-20 - 0.9.8-22

External links

http://www.welivesecurity.com/2018/10/18/new-linux-chachaddos-malware-distributed-servers-vestacp-i...
http://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73907
http://forum.vestacp.com/viewtopic.php?f=10&t=17641&start=180#p73920


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


