SB2019080113 - Multiple vulnerabilities in cPanel
Published: August 1, 2019 Updated: July 17, 2020
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Improper access control (CVE-ID: CVE-2016-10820)
The vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 55.9999.141 allows daemons to access their controlling TTYs (SEC-31).
2) Credentials management (CVE-ID: CVE-2016-10821)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
In cPanel before 55.9999.141, Scripts/addpop reveals a command-line password in a process list (SEC-75).
3) Improper Authentication (CVE-ID: CVE-2016-10826)
The vulnerability allows a remote authenticated user to execute arbitrary code.
cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).
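The exposure class described for SEC-75 (item 2), as an added example that is not cPanel's code and does not reproduce Scripts/addpop: a password passed as a command-line argument can be read from the process list, while one delivered over stdin cannot. The helper commands, the `--password` flag and the sample password are assumptions constructed for illustration.

```python
import subprocess
import sys
from pathlib import Path

SECRET = "Constructed-Example-Pw-1"  # constructed sample value, not a real credential

# Hypothetical helpers standing in for any script that needs a mailbox password.
HELPER_ARGV = "import time; time.sleep(5)"  # secret arrives in argv
HELPER_STDIN = "import sys, time; sys.stdin.readline(); time.sleep(5)"  # secret on stdin


def visible_command_line(pid):
    """Return a process's command line as readable with default /proc permissions."""
    proc_file = Path(f"/proc/{pid}/cmdline")
    if proc_file.exists():  # Linux: argv entries are NUL-separated
        return proc_file.read_bytes().replace(b"\0", b" ").decode(errors="replace")
    # Fallback for systems without /proc
    out = subprocess.run(["ps", "-o", "args=", "-p", str(pid)],
                         capture_output=True, text=True)
    return out.stdout


def secret_in_process_list(pass_via_argv):
    """Start the helper and report whether SECRET shows up in its command line."""
    if pass_via_argv:
        # Weak pattern: the password is part of argv for the life of the process.
        child = subprocess.Popen([sys.executable, "-c", HELPER_ARGV,
                                  "--password", SECRET])
    else:
        # Hardened pattern: argv carries no secret; the password goes over a pipe.
        child = subprocess.Popen([sys.executable, "-c", HELPER_STDIN],
                                 stdin=subprocess.PIPE)
        child.stdin.write((SECRET + "\n").encode())
        child.stdin.close()
    try:
        return SECRET in visible_command_line(child.pid)
    finally:
        child.kill()
        child.wait()


if __name__ == "__main__":
    print("argv :", secret_in_process_list(True))
    print("stdin:", secret_in_process_list(False))
```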
Remediation
Install the update from the vendor's website.