CVE-2024-36451 (CVSS 8.8): Webmin Vulnerability Allows Session Hijacking
Webmin and Usermin, popular web-based system administration tools used by millions worldwide, have been found to contain multiple security vulnerabilities, according to Japan’s CERT. These vulnerabilities could potentially allow attackers to execute arbitrary scripts, hijack console sessions, and perform unauthorized operations.
The disclosed vulnerabilities affect various components within Webmin and Usermin, including the sysinfo.cgi, session_login.cgi, and ajaxterm modules. The most severe flaw, CVE-2024-36451 (CVSS 8.8), could enable an attacker to hijack a console session if a user has insufficient permissions or privileges. Other vulnerabilities could lead to cross-site scripting (XSS) attacks, potentially allowing malicious actors to execute arbitrary scripts within a user’s browser.
The vulnerabilities pose several risks, including:
- Execution of Arbitrary Scripts: Users who access the affected website could have arbitrary scripts executed in their browsers (CVE-2024-36450, CVE-2024-36453).
- Session Hijacking: Unauthorized users may hijack console sessions, gaining elevated privileges (CVE-2024-36451).
- Unintended Operations: Viewing a malicious page while logged in could lead to unintended operations being performed on the system (CVE-2024-36452).
These vulnerabilities impact Webmin versions prior to 1.910, 1.970, and 2.003, as well as Usermin versions prior to 1.820. The potential consequences of successful exploitation are severe, ranging from unauthorized access and data theft to complete system compromise. Given the widespread use of Webmin and Usermin in managing Unix-like servers, the urgency for immediate action cannot be overstated.
The most effective way to protect against these vulnerabilities is to update Webmin and Usermin to the latest versions. The developers have released patches that address the identified flaws, significantly reducing the risk of exploitation. Administrators are strongly encouraged to prioritize these updates to ensure the security of their systems.
