CVE-2019-9081
Published: 2019
Severity: critical (CVSS 9.8)
Tags: ITW, EXPLOIT, VulnCheck KEV, Ransomware, Initial access
Exploited in the wild
Laravel Framework 5.7.x Illuminate Deserialization Vulnerability
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the `__destruct` method of the PendingCommand class in `PendingCommand.php`.
Affected: Laravel Laravel Framework
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/; https://cybersecurityworks.com/howdymanage/uploads/file/ransomware-_-2022-spotlight-report_compressed.pdf; https://www.ivanti.com/resources/v/doc/pr-survey-report/ransomware-quarterly-indexreport_q2-q3; https://info.securin.io/hubfs/Securin%20Ransomware%20Report%202023.pdf; https://4502402.fs1.hubspotusercontent-na1.net/hubfs/4502402/Ransomware%20-%20Index%20Update%20Q1%202023.pdf
Exploit PoC: https://vulncheck.com/xdb/87a2eca0bae4; https://vulncheck.com/xdb/365069586200
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| laravel | framework | >= 5.7.0 < 6.20.44 | 6.20.44 |
GHSA
Laravel Framework Deserialization Vulnerability
ghsa·2022-05-14
CVE-2019-9081 [CRITICAL] CWE-502 Laravel Framework Deserialization Vulnerability
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the `__destruct` method of the PendingCommand class in `PendingCommand.php`.
OSV
Laravel Framework Deserialization Vulnerability
osv·2022-05-14
CVE-2019-9081 [CRITICAL] Laravel Framework Deserialization Vulnerability
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the `__destruct` method of the PendingCommand class in `PendingCommand.php`.
VulnCheck
Laravel Framework 5.7.x Illuminate Deserialization Vulnerability
vulncheck·2019
CVE-2019-9081 Laravel Framework 5.7.x Illuminate Deserialization Vulnerability
The Illuminate component of Laravel Framework 5.7.x has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the `__destruct` method of the PendingCommand class in `PendingCommand.php`.
No detection rules found.
No public exploits indexed.
Unit42
Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
blogs_unit42·2020-06-24·CVSS 9.8
[CRITICAL] Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
## Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
Ken Hsu
Durgesh Sangvikar
Zhibin Zhang
Chris Navarrete
Published: June 24, 2020
## Executive Summary
On May 29, 2020, Unit 42 researchers discovered a new variant of a hybrid cryptojacking malware from numerous incidents of CVE-2019-9081 exploitation in the wild. A closer look revealed the malware, which we’ve dubbed “Lucifer”, is capable of conducting DDoS attacks and well-equipped with all kinds of exploits against vulnerable Windows hosts. The first wave of the campaign stopped on June 10, 2020. The attacker then resumed their campaign on June 11, 2020, spreading an upgraded version of the malware and wreaking havoc. The sample was compiled on Thursday, June 11, 2020 10:39:47 PM UTC and caught by Palo Alto Networks Next-Generation Firewall. At the time of writing, the campaign’s still ongoing.
Lucifer is quite powerful in its capabilities. Not only is it capable