WARNING: IMPROPER HANDLING OF INSUFFICIENT PERMISSIONS OR PRIVILEGES VULNERABILITY IN WEBMIN CAN BE EXPLOITED TO ESCALATE PRIVILEGES. PATCH IMMEDIATELY!
CVE-2024-36451
CVSS: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Sources
Japan Vulnerability Notes: https://jvn.jp/en/jp/JVN81442045
Risks
A patch has been made available for CVE-2024-36451, an improper handling of insufficient permissions or privileges vulnerability, in Webmin products.
Webmin is a web-based system administration tool for Unix-like servers, and services which is highly used and has about 1.000.000 yearly installations worldwide.
The vulnerability has not yet been observed to be exploited in the wild, but the risks of exploitation are high, given the widespread use of Webmin. The potential consequences of successful exploitation are severe, ranging from unauthorized access and execution of arbitrary scripts to complete system compromise.
Description
CVE-2024-36451 is a high-severity vulnerability (CVSS score of 8.8) which allows improper handling of insufficient permissions or privileges in ajaxterm module of Webmin.
The vulnerability could enable an unauthorized user to hijack a console session, if a user has insufficient permissions or privileges, and thus to gain elevated privileges. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.
The vulnerability affects the versions of Webmin prior to 2.003.
It is recommended to update to Webmin versions: 2.003 or later, according to the information provided by the developer.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
Japan Vulnerability Notes: https://jvn.jp/en/jp/JVN81442045/
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36451
Ahnlab: https://asec.ahnlab.com/en/82515/
Webmin.com: https://webmin.com/