Vulnerability identifier: #VU6353
Vulnerability risk: Critical
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-134
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
cPanel
Web applications /
Remote management & hosting panels
Vendor: cPanel, Inc
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a format string error within cgiemail and cgiecho binaries when processing template files. A remote authenticated attacker can create a specially crafted file, containing form string specifiers and execute arbitrary code on the target system.
Successful exploitation may allow an attacker to compromise vulnerable system.
Note: this vulnerability has been exploited in the wild and was disclosed by the Shadow Brokers leak. The exploit is known as ElegantEagle.
Mitigation
The vulnerability is fixed in the following versions: 54.0.36, 56.0.43, 58.0.43, and 60.0.35.
Vulnerable software versions
cPanel: 11.54.0.0 - 11.60.0.34
External links
http://news.cpanel.com/tsr-2017-0001-full-disclosure/
http://news.cpanel.com/cpanel-security-team-cgiemail-cve-2017-5613/
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.