SB2019030801 - Privilege escalation in Webmin



Published: March 8, 2019

Security Bulletin ID: SB2019030801
Severity: Medium
Patch available: NO
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 100%

Description

This security bulletin contains information about 1 security vulnerability.


1) Dangerous file upload (CVE-ID: CVE-2019-9624)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the application allows uploading of .cgi files via the /updown/upload.cgi URL. A remote authenticated attacker with Java file manager and Upload and Download privileges can upload and execute an arbitrary .cgi file on the server with root privileges.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.
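
With no vendor fix listed, one way to scope exposure is to find which Webmin accounts hold both privileges the description names. The following is an added example, not code from the bulletin or from Webmin; it assumes the per-user module list uses lines of the form "user: module module ..." and that the module names are "file" (Java file manager) and "updown" (Upload and Download). The sample input is constructed.

```python
# Added example: audit Webmin accounts against the precondition in CVE-2019-9624.
# Assumptions (not stated in the bulletin): ACL lines look like
# "user: module module ...", and the module names are "file" (Java file
# manager) and "updown" (Upload and Download).

REQUIRED = frozenset({"file", "updown"})

# Constructed sample input, not taken from a real system.
SAMPLE_ACL = """\
# constructed sample
root: acl cron file updown useradmin
webops: apache file updown
backup: updown fsdump
dns-admin: bind8 file

malformed line without separator
"""


def parse_acl(text):
    """Return {user: set(modules)} parsed from 'user: mod mod ...' lines."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # skip blanks, comments and lines with no user separator
        user, _, modules = line.partition(":")
        user = user.strip()
        if user:
            # A user listed twice accumulates modules instead of being overwritten.
            users.setdefault(user, set()).update(modules.split())
    return users


def audit(text, required=REQUIRED):
    """Classify accounts by how much of the required privilege set they hold."""
    exposed, one_grant_away = [], []
    for user, mods in parse_acl(text).items():
        held = required & mods
        if held == required:
            exposed.append(user)          # holds every privilege the bulletin lists
        elif held:
            one_grant_away.append(user)   # a single further grant completes the set
    return {"exposed": sorted(exposed), "one_grant_away": sorted(one_grant_away)}


if __name__ == "__main__":
    for category, names in audit(SAMPLE_ACL).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Accounts reported as exposed are candidates for having one of the two modules revoked until a fix is available; the second list shows where a later permission change would recreate the condition.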