Guard against Webmin
Zyxel_Forum_Admin
Posts: 125 Admin
CVE-2019-15107
Webmin is vulnerable to unauthenticated remote command execution
(Vulnerable version: Webmin version 1.882 to 1.921)
Webmin is the popular Linux/UNIX systems management UI. The vulnerability is secretly planted by a hacker as a form of backdoor in the development infrastructure and remains in the several release of Webmin (from 1.882 to 1.921). Later on developer announce that this vulnerability only affects the download of SourceForce repository. The Webmin's GitHub repositories are not affected.
Impact:
The parameter in “password_change.cgi” contains a command injection vulnerability. An attacker can send a malicious http request to the password reset request form page to inject code and take over the Webmin web application. The exploit doesn’t require a valid username or password to bypass the authentication.
Mitigation (On Host Device):
For hosts: Update to Webmin 1.930 or disable the "user password change" option in Webmin will mitigate this vulnerability.
Mitigation (On Network):
1. Access Intranet service through VPN
Webmin is the popular Linux/UNIX systems management UI. The vulnerability is secretly planted by a hacker as a form of backdoor in the development infrastructure and remains in the several release of Webmin (from 1.882 to 1.921). Later on developer announce that this vulnerability only affects the download of SourceForce repository. The Webmin's GitHub repositories are not affected.
Impact:
The parameter in “password_change.cgi” contains a command injection vulnerability. An attacker can send a malicious http request to the password reset request form page to inject code and take over the Webmin web application. The exploit doesn’t require a valid username or password to bypass the authentication.
Mitigation (On Host Device):
For hosts: Update to Webmin 1.930 or disable the "user password change" option in Webmin will mitigate this vulnerability.
Mitigation (On Network):
1. Access Intranet service through VPN
Leveraging VPN technology for remote access to internal Webmin, prevents unauthorized outside access.
2. Deploy advanced protection
Zyxel ZyWALL USG/ATP serial firewall uses its IDP security features to block the network attacks. Update to the latest version of IDP signature and then enable the IDP function to protect your host.
Revision history 2019-11-21: Initial release
2. Deploy advanced protection
Zyxel ZyWALL USG/ATP serial firewall uses its IDP security features to block the network attacks. Update to the latest version of IDP signature and then enable the IDP function to protect your host.
Revision history 2019-11-21: Initial release
Tagged:
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight