1.0 Introduction
Recently, CyberPanel has identified a critical security vulnerability, CVE-2024-51378 which is affecting certain versions of their software products.
2.0 Impact
This vulnerability allows remote attacker to bypass authentication and execute arbitrary commands y circumventing security middleware (which is only used for a POST request) and using shell metacharacters in the status file property.
3.0 Affected system/product/version
- Getresetstatus in dns/view.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb.
- Cyber Panel versions through 2.3.6 and (unpatched) 2.3.7.
4.0 Recommendations
CyberSecurity Malaysia advises all users and administrators to immediately review Cyber Panel official advisories and update their systems as per the following recommendation.
Kindly refer to the following URL:
- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
- https://censys.com/cve-2024-51378/
Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:3the 0 MYT
Web:
https://www.mycert.org.my
6.0 References
- https://censys.com/cve-2024-51378/
- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
- https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683
- https://github.com/refr4g/CVE-2024-51378
- https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/
- https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
- https://gist.github.com/gboddin/d78823245b518edd54bfc2301c5f8882#file-0-decrypt-sh