Vulnerability identifier: #VU66179
Vulnerability risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-266
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Hestia Control Panel
Client/Desktop applications /
Other client software
Vendor: Hestia Control Panel
Description
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to incorrect permission assignment in Ubuntu, which leads to security restrictions bypass and privilege escalation.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Hestia Control Panel: 1.0.1 - 1.6.5
External links
http://github.com/hestiacp/hestiacp/commit/b178b9719bb2c98cf8a6db70065086f596afad81
http://huntr.dev/bounties/704aacc9-edff-4da5-90a6-4adf8dbf36fe
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.