Webmin, the popular web-based system administration tool, contains a critical security vulnerability that could allow attackers to seize control of servers. The vulnerability, identified as CVE-2024-12828, has been assigned a CVSS score of 9.9 (Critical).
The flaw is a command injection vulnerability in Webmin's CGI request handling: user-supplied input is used to build system commands without proper validation.
This allows an authenticated attacker to inject commands that Webmin then executes with root privileges.
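The pattern behind a CGI command injection, shown as an added example that is not Webmin's code: a request parameter interpolated into a shell command, beside the hardened form that validates against an allowlist and execs without a shell. The handler names, the `host` parameter and the use of `echo` as a stand-in for the real system command are illustrative assumptions.

```python
"""Added example, not Webmin's code: a command-injection bug in a CGI handler
and its hardened form.  Handler names, the parameter name and echo (standing
in for a real command such as host or ping) are illustrative."""
import re
import subprocess

# Conservative hostname allowlist: dot-separated labels of letters, digits and
# hyphens.  A leading hyphen is rejected, so the value can never be parsed as
# an option flag by the command that receives it.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def lookup_vulnerable(host: str) -> str:
    """Interpolates the request parameter into a shell string.

    shell=True hands the string to /bin/sh, so a value such as
    "example.com; id" runs id with the CGI's privileges (root, in Webmin's
    case).  No validation happens anywhere on the path.
    """
    completed = subprocess.run(
        f"echo lookup {host}", shell=True, capture_output=True, text=True
    )
    return completed.stdout


def is_valid_hostname(host: str) -> bool:
    """Allowlist check: only hostname syntax passes, nothing else."""
    return len(host) <= 253 and HOSTNAME_RE.fullmatch(host) is not None


def lookup_hardened(host: str) -> str:
    """Validates first, then execs an argv list with no shell in between.

    The argv form alone stops shell metacharacters but not argument injection
    (e.g. "-c 9999" handed to ping); the allowlist closes that gap too.
    """
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    completed = subprocess.run(
        ["echo", "lookup", host], capture_output=True, text=True, check=True
    )
    return completed.stdout


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"
    print(lookup_vulnerable(payload), end="")  # second line is the injected command
    try:
        lookup_hardened(payload)
    except ValueError as exc:
        print(exc)
    print(lookup_hardened("example.com"), end="")
```

The vulnerable function returns two lines for the payload because `/bin/sh` treats `;` as a command separator; the hardened one refuses the same string before anything is executed. Rejecting input rather than trying to escape it is the safer design, since escaping rules differ between shells and between the commands that eventually receive the argument.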
What makes this vulnerability particularly dangerous is that it can be exploited by less-privileged Webmin users. Even without full administrative access, an attacker could potentially escalate their privileges and take complete control of the server.
With an estimated one million Webmin installations worldwide, the potential impact of this vulnerability is significant. Successful exploitation of CVE-2024-12828 could lead to:
- Full server compromise
- Unauthorized access to sensitive data
- Deployment of malicious scripts and ransomware
- Use of compromised servers as platforms for further attacks
The vulnerability was discovered by Trend Micro’s Zero Day Initiative (ZDI) and has been tracked as ZDI-24-1725. The disclosure timeline is as follows:
- March 28, 2024: Vulnerability reported to vendor
- December 20, 2024: Coordinated public release of advisory
Mitigation and Patches
Webmin has issued an update to address this vulnerability in version 2.111. All Webmin and Virtualmin administrators are strongly urged to update their installations immediately.
The fix can be found in the following GitHub commit.
This is not the first time Webmin has faced serious security issues. In 2019, a remote code execution vulnerability (CVE-2019-15107) was discovered in Webmin versions 1.882 to 1.921. That incident involved a backdoor in the password change code that allowed unauthenticated attackers to execute commands as root, whereas CVE-2024-12828 requires an authenticated user.
Recommended actions for administrators:
- Update Webmin: Administrators should immediately upgrade to Webmin version 2.111 or later.
- Access Control: Implement strict access controls and use IP-based restrictions where possible.
- Monitoring: Enhance monitoring for suspicious activities on Webmin-managed servers.
- Principle of Least Privilege: Ensure users have only the necessary permissions required for their roles.
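One concrete form the monitoring recommendation can take, as an added example that is not from the article or the Webmin project: scan a Common Log Format access log for requests whose percent-decoded query parameters contain shell metacharacters, which is the footprint of a command-injection attempt against a CGI endpoint. The log lines, the `/lookup.cgi` path and the `host` parameter are constructed, and the CLF layout is an assumption to check against your own log format.

```python
"""Added example, not part of the article or Webmin: flag access-log requests
whose decoded query parameters carry shell metacharacters.  The sample lines,
the CGI path and the parameter name are constructed; the Common Log Format
layout is an assumption about the log being scanned."""
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: two benign requests and two injection attempts.
SAMPLE_LOG = """\
203.0.113.7 - alice [20/Dec/2024:10:01:02 +0000] "GET /index.cgi HTTP/1.1" 200 5120
203.0.113.7 - alice [20/Dec/2024:10:01:09 +0000] "GET /lookup.cgi?host=mail.example.com HTTP/1.1" 200 311
198.51.100.23 - bob [20/Dec/2024:10:02:41 +0000] "GET /lookup.cgi?host=127.0.0.1%3Bid HTTP/1.1" 200 842
198.51.100.23 - bob [20/Dec/2024:10:02:55 +0000] "GET /lookup.cgi?host=%60curl%20198.51.100.99%60 HTTP/1.1" 200 420
"""

# Common Log Format: client, ident, user, timestamp, request line, status, size.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Characters that are only useful if the sender expects a shell to parse them.
SHELL_META_RE = re.compile(r"[;&|`$<>\r\n]")


def find_injection_attempts(log_text: str) -> list[dict]:
    """Return one finding per query parameter that contains shell metacharacters."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # unparsable line; in production, count these instead of dropping them
        url = urlsplit(m["target"])
        # parse_qsl percent-decodes, so %3B is inspected as ";" and %60 as "`".
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SHELL_META_RE.search(value):
                hits.append({
                    "ip": m["ip"], "user": m["user"], "ts": m["ts"],
                    "path": url.path, "param": name, "value": value,
                })
    return hits


if __name__ == "__main__":
    for hit in find_injection_attempts(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} user={hit['user']} "
              f"{hit['path']} {hit['param']}={hit['value']!r}")
```

Two caveats a practitioner would want: only parameters in the request line are visible here, so payloads sent in POST bodies never reach this check, and a single metacharacter is a trigger for investigation rather than proof of compromise. Correlate the flagged user and source address with Webmin's own action log and with unexpected child processes of the Webmin server.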
The Webmin vulnerability serves as a reminder of the ongoing challenges in maintaining secure web-based administration tools and the importance of robust input validation in preventing command injection attacks.