CyberPanel has released updates addressing critical security vulnerabilities (CVE-2024-51567 and CVE-2024-51568) affecting versions 2.3.6 and possibly 2.3.7. These flaws, which allow unauthenticated remote attackers to execute commands with root privileges, have already been exploited on a large scale. Attackers have used these vulnerabilities in a PSAUX ransomware campaign, targeting over 22,000 publicly accessible CyberPanel instances.
| Product | CyberPanel |
| Date | 2024-10-30 10:10:10 |
| Information |
|
Technical Summary
CVE-2024-51567 and CVE-2024-51568 are vulnerabilities in CyberPanel caused by improper authentication checks, unsanitized user input, and limited security filtering. Attackers exploit these flaws by accessing unprotected paths and injecting arbitrary commands, which can bypass security filters if requests use methods other than POST, such as OPTIONS or PUT. The exploitation allows unauthorized access with elevated privileges and has already been used in ransomware campaigns. CyberPanel has released patches to mitigate these serious security issues.
Recommendations
CyberPanel recommends two main actions for users based on their access level:
For users with SSH access: promptly update the panel by following the provided update guide to secure the system. No additional action is required after the update.
For users without SSH access: if SSH access is blocked due to server overload or hacking attempts, contact your provider to re-enable access to port 22. Once SSH access is restored, update the panel and, if necessary, grant access to the CyberPanel support team by writing to [email protected] for additional assistance.
[Callforaction-THREAT-Footer]
