Multiple vulnerabilities in CentOS Web Panel



Published: 2019-07-16 | Updated: 2020-08-08
Risk: High
Patch available: Yes
Number of vulnerabilities: 4
CVE-ID: CVE-2019-13359, CVE-2019-13360, CVE-2019-13383, CVE-2019-13605
CWE-ID: CWE-434, CWE-287, CWE-200
Exploitation vector: Network
Public exploit: Public exploit code for vulnerabilities #1, #2, #3 and #4 is available.
Vulnerable software: CentOS Web Panel (Web applications / CMS)

Vendor: CentOS Web Panel

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Arbitrary file upload

EUVDB-ID: #VU35707

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13359

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

CentOS Web Panel: 0.9.8.836

External links

http://packetstormsecurity.com/files/153666/CentOS-Control-Web-Panel-0.9.8.836-Privilege-Escalation.html
http://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13359.md


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

2) Improper Authentication

EUVDB-ID: #VU35708

Risk: High

CVSSv3.1: 8.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13360

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

CentOS Web Panel: 0.9.8.836

External links

http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html
http://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13360.md


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

3) Information disclosure

EUVDB-ID: #VU35709

Risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13383

CWE-ID: CWE-200 - Information Exposure

Exploit availability: Yes

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the login process allows attackers to check whether a username is valid by reading the HTTP response.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

CentOS Web Panel: 0.9.8.836

External links

http://packetstormsecurity.com/files/153667/CentOS-Control-Web-Panel-0.9.8.838-User-Enumeration.html
http://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13383.md
http://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0010


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

4) Improper Authentication

EUVDB-ID: #VU35710

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-13605

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, so this issue is distinct from CVE-2019-13360.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

CentOS Web Panel: 0.9.8.836

External links

http://packetstormsecurity.com/files/153665/CentOS-Control-Web-Panel-0.9.8.836-Authentication-Bypass.html
http://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-2019-13605.md
http://www.exploit-db.com/exploits/47123


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


