PT-2024-4729 · Webmin+1

Toshitsugu Yoneyama · Published 2024-07-10 · Updated 2025-10-08 · CVE-2024-36451

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Webmin versions prior to 2.003
Description: The issue is related to improper handling of insufficient permissions or privileges in the ajaxterm module of Webmin. This could allow an unauthorized user to hijack a console session, potentially leading to data referral, webpage alteration, or permanent server halt. The vulnerability may enable an attacker to escalate privileges.
Recommendations: For versions prior to 2.003, update to version 2.003 or later to resolve the issue. As a temporary workaround, consider restricting access to the ajaxterm module to minimize the risk of exploitation. Additionally, review and ensure proper configuration of permissions and privileges within Webmin to prevent unauthorized access.

Related Identifiers

BDU:2024-05248
CVE-2024-36451

Affected Products

Red Os
Webmin