Faisalfs10xD0049A96-DE90-4B1A-9111-94DE1044F295Improper Access Control to Remote Code Execution
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Description
In Webmin v1.984, affecting File Manager module, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as download file from remote URL and change file permission (chmod). It is possible to achieve Remote Code Execution via a crafted .cgi file by chaining those functionalities in the file manager.
Proof of Concept
Affected endpoint:
1 http://{HOST}/extensions/file-manager/http_download.cgi
2 http://{HOST}/extensions/file-manager/chmod.cgi
~
Image: Safe User access rights
Request file: Download file from remote URL , pwd: 9ngpPzaJ9G
Request file: Change file permission (chmod) , pwd: npSVrRhr01
Impact
This vulnerability is capable of modifying the OS file system and executing OS Command with running application privilege.
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%