CVE-2024-12828
Published 2024-12-30. CVE-2024-12828: Webmin CGI Command Injection Remote Code Execution Vulnerability.
Priority: P2 (79) · Severity: high · CVSS 3.1 base score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 32.02% (98.1th percentile)
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webmin | webmin | — | — |
| webmin | webmin | — | — |
Detection & IOCs (extracted from sources)
- The vulnerability exists in the handling of CGI requests within Webmin — monitor for unusual CGI invocations that include shell metacharacters or unsanitized user-supplied strings passed to system calls.
- Successful exploitation results in code execution as root — alert on Webmin processes spawning unexpected child processes or shells with root privileges.
- Authentication is required to exploit this vulnerability — monitor for authenticated Webmin sessions followed immediately by anomalous CGI requests, particularly from low-privilege or newly created accounts.
- Exploitation requires the attacker to be authenticated to Webmin — unauthenticated access alone is insufficient to trigger the vulnerability.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | 3.0 | 9.9 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
No detection rules found.
No public exploits indexed.