CVE-2024-51378 (CVSS 10): Critical CyberPanel Flaw Under Active Attack, CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in CyberPanel, an open-source web hosting control panel. This flaw, tracked as CVE-2024-51378, is being actively exploited by attackers to deploy ransomware, including strains like PSAUX, C3RB3R, and a variant of Babuk.

Maximum Severity, Maximum Impact

CVE-2024-51378 has been assigned a CVSS score of 10.0, the highest possible severity rating. This reflects the ease with which attackers can exploit the vulnerability and the devastating impact successful attacks can have. The vulnerability allows remote attackers to bypass authentication and execute arbitrary commands, effectively giving them complete control over the affected system.

How the Attack Works

The vulnerability lies in how CyberPanel handles certain requests. Attackers can craft malicious requests that exploit a weakness in the security middleware, allowing them to inject commands that are then executed on the server. This can be used to deploy ransomware, steal data, or take other malicious actions.

Who is at Risk?

CyberPanel is a popular choice for organizations that need to manage web hosting, email, databases, and other essential online services. It is commonly used with CentOS, Ubuntu, and AlmaLinux. Because CyberPanel is often accessible over the public internet, organizations that haven’t taken steps to restrict access are particularly vulnerable.

CISA Urges Immediate Action

CISA has added CVE-2024-51378 to its Known Exploited Vulnerabilities (KEV) catalog and is urging all federal agencies to apply the latest CyberPanel updates by December 25, 2024. This deadline underscores the urgency of the situation and the need for immediate action.

Recommendations for Organizations

  • Update CyberPanel: Install the latest security updates from CyberPanel immediately.
  • Restrict Access: Limit access to CyberPanel to trusted IP addresses or use VPNs for secure remote management.
  • Monitor for Suspicious Activity: Keep a close eye on server logs for any signs of compromise.
  • Back Up Data: Ensure that all critical data is regularly backed up and can be restored in case of a ransomware attack.
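
As an added example (not code from CISA or the CyberPanel project), the Python script below combines the "Restrict Access" and "Monitor for Suspicious Activity" recommendations: it reads web access log lines and reports every client outside a trusted-network allowlist that reached the panel. The log format (Common/Combined Log Format), the allowlist networks, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the panel's web server writes Common/Combined Log Format lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Hypothetical allowlist: the admin networks permitted to reach the panel.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:10::/48")]

# Constructed sample log lines (documentation address ranges, placeholder paths).
SAMPLE_LOG = """\
192.0.2.5 - - [01/Dec/2024:10:00:01 +0000] "GET /placeholder/login HTTP/1.1" 200 512
203.0.113.77 - - [01/Dec/2024:10:02:13 +0000] "POST /placeholder/endpoint HTTP/1.1" 200 48
203.0.113.77 - - [01/Dec/2024:10:02:14 +0000] "POST /placeholder/endpoint HTTP/1.1" 200 48
198.51.100.9 - - [01/Dec/2024:10:05:40 +0000] "GET /placeholder/login HTTP/1.1" 403 0
2001:db8:10::1 - - [01/Dec/2024:10:06:00 +0000] "GET /placeholder/home HTTP/1.1" 200 900
this line is truncated or malformed
"""

def is_trusted(ip_text):
    """True if the address falls inside any allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable client field: treat as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def audit(log_text):
    """Return (per-IP findings for untrusted clients, count of unparsed lines)."""
    findings, unparsed = {}, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # surface these: gaps in parsing are gaps in monitoring
            continue
        if is_trusted(m["ip"]):
            continue
        f = findings.setdefault(m["ip"], {"requests": 0, "posts": 0, "allowed": 0})
        f["requests"] += 1
        f["posts"] += m["method"] == "POST"
        # A status other than 403 suggests no access restriction blocked the request.
        f["allowed"] += m["status"] != "403"
    return findings, unparsed

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Any untrusted address with a non-zero "allowed" count means the panel is still reachable from outside the allowlist and the access restriction needs tightening.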
