CVE-2024-12828 (CVSS 9.9): Webmin Vulnerability Leaves a Million Servers Exposed to RCE

The popular web-based system administration tool, Webmin, has been found to harbor a critical security vulnerability (CVE-2024-12828) that could allow attackers to seize control of servers. With an estimated one million installations worldwide, the impact of this vulnerability could be widespread.

The vulnerability, assigned a CVSS score of 9.9, stems from a command injection flaw within Webmin’s CGI request handling. Essentially, the software fails to properly sanitize user-supplied input, enabling attackers to inject malicious commands that are then executed with root privileges.

“This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability,” the advisory notes.

What makes this vulnerability particularly dangerous is that it can be exploited by less-privileged Webmin users. This means that even if an attacker doesn’t have full administrative access, they could potentially escalate their privileges and take complete control of the server.

The exploitability of CVE-2024-12828 could have devastating consequences, including:

• Full server compromise
• Unauthorized access to sensitive data
• Deployment of malicious scripts and ransomware
• Use of compromised servers as platforms for further attacks

The vulnerability was discovered by Trend Micro’s Zero Day Initiative and has been addressed in Webmin version 2.111. All Webmin and Virtualmin administrators are strongly urged to update their installations immediately.

Related Posts:

• Security Update for Webmin: Addressing Privilege Escalation Vulnerability
• Webmin/Virtualmin Vulnerability Opens Door to Loop DoS Attacks (CVE-2024-2169)
• CVE-2024-36451 (CVSS 8.8): Webmin Vulnerability Allows Session Hijacking
• Let’s Encrypt Root gains the trust of all major root programs
• Decoding the Web Injection Malware Campaign of 2023