Summary:
CVE-2024-51378 is a critical vulnerability in CyberPanel versions 2.3.6 and 2.3.7, allowing unauthenticated remote code execution. Exploited by threat actors like the PSAUX ransomware group, it has led to significant server compromises, particularly in the U.S. Users are urged to update to the latest version to mitigate risks.
Keypoints:
CVE-2024-51378 has a CVSS score of 9.8 and affects CyberPanel versions 2.3.6 and 2.3.7.
Allows unauthenticated remote code execution (RCE).
Exploited by the PSAUX ransomware group to encrypt server files.
A public proof of concept (PoC) for exploitation is available.
Numerous CyberPanel instances have been compromised globally, especially in the U.S.
Successful exploitation leads to full server control and potential data breaches.
Users are advised to update to the latest version of CyberPanel.
Attackers exploit the vulnerability by sending crafted OPTIONS HTTP requests.
Improper input validation allows attackers to execute arbitrary commands.
SonicWall has released protective signatures to mitigate the vulnerability.
Monitoring for unusual commands in system logs is recommended if immediate updates are not possible.
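The log monitoring recommended above, as an added example (not code from the original research or from SonicWall): a triage script that surfaces OPTIONS requests in a panel access log and groups them by source IP. It assumes Combined Log Format; the sample lines, the placeholder paths and the "review-first" heuristic are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format; assumed here to be the format of the panel's access log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def triage_options(lines):
    """Group OPTIONS requests by client IP; unparseable lines are skipped.

    Heuristic (an assumption of this example): an OPTIONS request answered
    with 200 and a non-empty body was processed by application code rather
    than answered as a bare preflight, so it is ranked 'review-first'.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "OPTIONS":
            continue
        size = 0 if m["size"] == "-" else int(m["size"])
        level = "review-first" if m["status"] == "200" and size > 0 else "review"
        hits[m["ip"]].append((m["ts"], m["path"], m["status"], size, level))
    return dict(hits)

def review_first_ips(hits):
    """Source IPs with at least one 'review-first' OPTIONS request, sorted."""
    return sorted(ip for ip, rows in hits.items()
                  if any(r[4] == "review-first" for r in rows))

# Constructed sample log lines: placeholder paths, documentation-range IPs.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Nov/2024:10:01:02 +0000] "GET /placeholder/login HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [05/Nov/2024:10:03:44 +0000] "OPTIONS /placeholder/endpoint HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.7 - - [05/Nov/2024:10:03:45 +0000] "OPTIONS /placeholder/endpoint HTTP/1.1" 200 91 "-" "-"',
    '203.0.113.5 - - [05/Nov/2024:10:07:10 +0000] "OPTIONS /placeholder/api HTTP/1.1" 204 - "-" "-"',
    '192.0.2.10 - - [05/Nov/2024:10:09:30 +0000] "POST /placeholder/login HTTP/1.1" 302 0 "-" "-"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for ip, rows in triage_options(SAMPLE_LOG).items():
        for ts, path, status, size, level in rows:
            print(f"{level:12} {ip:15} {ts} {path} -> {status} ({size} bytes)")
```

Hits from this script are leads for review, not confirmation of compromise; correlate them with process and command logs from the same time window.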
MITRE Techniques:
Remote Code Execution (T1203): Exploits vulnerabilities to execute arbitrary code on a target system.
Command and Control (T1071): Utilizes multiple command and control domains to maintain communication with compromised systems.
IoC:
No IoC Found.
Full Research: https://blog.sonicwall.com/en-us/2024/11/critical-cyberpanel-vulnerability-cve-2024-51378-how-to-stay-protected/