cbcvebase.
CVE-2019-25066
published 2022-06-09

CVE-2019-25066: A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation…

PriorityP264high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
5.24%
91.5th percentile
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.

Affected

1 ranges
VendorProductVersion rangeFixed in
ajentiajenti

Detection & IOCsextracted from sources · hover to see the quote

urlapi/core/auth
hash7aa146b724e0e20cfee2c71ca78fafbf53a8767c
  • Monitor HTTP POST requests to the 'api/core/auth' endpoint for shell metacharacters or command injection payloads within the 'username' parameter.
  • Look for exploitation attempts targeting Ajenti version 2.1.31 specifically, as this is the only confirmed vulnerable version.
  • Alert on privilege escalation activity originating from the Ajenti web application process following authentication API calls.
  • ·The vulnerability is fixed in Ajenti 2.1.32. Systems still running 2.1.31 remain exploitable remotely without authentication bypass — only the username POST parameter manipulation is required.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.