PT-2022-1959 · Webmin+1

Mohammad Faisal Sammio · Published 2022-02-17 · Updated 2022-11-21 · CVE-2022-0824

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Webmin versions prior to 1.990

Description

The issue is related to improper access control in the Webmin repository, which can lead to remote code execution. This is due to weaknesses in the authorization mechanism of the File Manager module in the Webmin web interface for UNIX-like operating systems. An attacker can exploit this issue to elevate privileges or execute arbitrary code by running the chmod command or uploading files with .cgi permissions.

Recommendations

For versions prior to 1.990, update to version 1.990 or later to resolve the issue. As a temporary workaround, consider restricting access to the File Manager module to minimize the risk of exploitation. Avoid using the File Manager module until the issue is resolved.

Exploit

Fix

RCE

Improper Access Control

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2022-01518
CVE-2022-0824
MGASA-2022-0090

Affected Products

Red Os
Webmin