Guard against Webmin
Options
Zyxel_Forum_Admin
Posts: 125 
Admin
Admin
CVE-2019-15107
Webmin is vulnerable to unauthenticated remote command execution
(Vulnerable version: Webmin version 1.882 to 1.921)
Webmin is the popular Linux/UNIX systems management UI. The vulnerability is secretly planted by a hacker as a form of backdoor in the development infrastructure and remains in the several release of Webmin (from 1.882 to 1.921). Later on developer announce that this vulnerability only affects the download of SourceForce repository. The Webmin's GitHub repositories are not affected.
Impact:
The parameter in “password_change.cgi” contains a command injection vulnerability. An attacker can send a malicious http request to the password reset request form page to inject code and take over the Webmin web application. The exploit doesn’t require a valid username or password to bypass the authentication.
Mitigation (On Host Device):
For hosts: Update to Webmin 1.930 or disable the "user password change" option in Webmin will mitigate this vulnerability.
Mitigation (On Network):
1. Access Intranet service through VPN
Webmin is the popular Linux/UNIX systems management UI. The vulnerability is secretly planted by a hacker as a form of backdoor in the development infrastructure and remains in the several release of Webmin (from 1.882 to 1.921). Later on developer announce that this vulnerability only affects the download of SourceForce repository. The Webmin's GitHub repositories are not affected.
Impact:
The parameter in “password_change.cgi” contains a command injection vulnerability. An attacker can send a malicious http request to the password reset request form page to inject code and take over the Webmin web application. The exploit doesn’t require a valid username or password to bypass the authentication.
Mitigation (On Host Device):
For hosts: Update to Webmin 1.930 or disable the "user password change" option in Webmin will mitigate this vulnerability.
Mitigation (On Network):
1. Access Intranet service through VPN
Leveraging VPN technology for remote access to internal Webmin, prevents unauthorized outside access.
2. Deploy advanced protection
Zyxel ZyWALL USG/ATP serial firewall uses its IDP security features to block the network attacks. Update to the latest version of IDP signature and then enable the IDP function to protect your host.
Revision history 2019-11-21: Initial release
2. Deploy advanced protection
Zyxel ZyWALL USG/ATP serial firewall uses its IDP security features to block the network attacks. Update to the latest version of IDP signature and then enable the IDP function to protect your host.
Revision history 2019-11-21: Initial release
Tagged:
0
Categories
- All Categories
- 394 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight