rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
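The bug class behind this entry, as an added illustration (this is not Webmin's rpc.cgi or unserialise_variable code): a deserialiser that interpolates an attacker-supplied object (class) name into a Perl string eval, beside a hardened version that validates the name against a strict package-name pattern and calls bless() directly. The OBJECT,<class>,<key>,<value> wire format, the two function names and the $pwned marker are assumptions made for the demo; where the payload sets $pwned, a real attacker would call system().

```perl
#!/usr/bin/perl
# Added illustration of the CVE-2019-15642 bug class. This is NOT Webmin's
# rpc.cgi or unserialise_variable; the wire format and function bodies are
# assumptions made for the demo.
use strict;
use warnings;

our $pwned = 0;   # side-effect marker, stands in for system("...") in a real attack

# Vulnerable pattern (assumed): the object name taken from the serialised
# string is interpolated into a string eval, so whoever can reach this
# parser runs Perl with the parser's privileges.
sub unserialise_vulnerable {
    my ($str) = @_;
    my ($type, $cls, @kv) = split(/,/, $str, -1);
    return undef unless defined $type && $type eq 'OBJECT';
    my $obj = { @kv };
    eval "bless(\$obj, '$cls')";          # $cls is attacker-controlled
    die "eval failed: $@" if $@;
    return $obj;
}

# Hardened pattern: reject anything that is not a plain Perl package name
# before it reaches any code path, and drop the string eval; bless() needs
# no eval at all.
sub unserialise_safe {
    my ($str) = @_;
    my ($type, $cls, @kv) = split(/,/, $str, -1);
    return undef unless defined $type && $type eq 'OBJECT';
    die "invalid object name\n"
        unless defined $cls && $cls =~ /^[A-Za-z_]\w*(?:::[A-Za-z_]\w*)*$/;
    my $obj = { @kv };
    return bless($obj, $cls);
}

# Constructed payload: the "object name" closes the quoted string and the
# bless() call, runs attacker-chosen Perl, and comments out the remainder.
# The eval'd text becomes:  bless($obj, 'Foo'); $main::pwned = 1; #')
my $payload = "OBJECT,Foo'); \$main::pwned = 1; #,key,value";

my $v = unserialise_vulnerable($payload);
printf "vulnerable: blessed into %s, pwned=%d\n", ref($v), $pwned;

$pwned = 0;
my $s = eval { unserialise_safe($payload) };
chomp(my $err = $@ || '');
printf "hardened:   rejected (%s), pwned=%d\n", $err, $pwned;

# A legitimate object still round-trips through the hardened parser.
my $ok = unserialise_safe("OBJECT,My::Class,key,value");
printf "hardened:   blessed into %s, key=%s\n", ref($ok), $ok->{key};
```

Run it with `perl demo.pl`: the vulnerable parser reports pwned=1 after blessing the hash into Foo, the hardened parser dies with "invalid object name" and leaves the marker at 0, and a well-formed My::Class object still deserialises. The whitelist is the code-level fix; since the vendor note above says RPC is by design able to run any command for the users allowed to use it, restricting which Webmin users can reach rpc.cgi at all is the other half of the mitigation.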
References
Link | Resource
---|---
https://doxfer.webmin.com/Webmin/Webmin_Servers_Index | Vendor Advisory
https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37 | Patch
https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c | Patch
https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/ | Exploit, Patch, Third Party Advisory
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-26T17:07:47
Updated: 2019-08-26T17:36:42
Reserved: 2019-08-26T00:00:00
Link: CVE-2019-15642
NVD Information
Status : Analyzed
Published: 2019-08-26T18:15:12.983
Modified: 2019-09-04T18:09:32.827
Link: CVE-2019-15642
Redhat Information
No data.
CWE