Lucene search

JpcertCVE-2024-36451

HistoryJul 10, 2024 - 7:15 a.m.

CVE-2024-36451

2024-07-1007:15:03

CWE-280

jpcert

web.nvd.nist.gov

cve-2024-36451

webmin

ajaxterm

permissions

vulnerability

hijacked console

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.2%

JSON

Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.

Affected configurations

Vulners

Node

webminwebminRange<2.003

VendorProductVersionCPE
webminwebmin*cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
webmin	webmin	*	cpe:2.3:a:webmin:webmin::::::::

CNA Affected

[
  {
    "vendor": "Webmin",
    "product": "Webmin",
    "versions": [
      {
        "version": "prior to 2.003",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN81442045/

webmin.com/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.8

Confidence

Low

EPSS

Percentile

9.2%

JSON

Related for CVE-2024-36451