cPanel Remote Privilege Escalation vulnerability

Medium Nessus Network Monitor Plugin ID 4509

Synopsis

The remote host is vulnerable to a remote 'privilege escalation' flaw

Description

The remote host is running cpanel, a web-hosting control panel. The remote version of this software is vulnerable to a flaw wherein users can gain Administrative access. The root of the flaw is in the way that this version of cPanel allows new user accounts to access the root directory. An attacker, exploiting this flaw, would need the ability to authenticate and the ability to create a new user. Successful exploitation would result in the attacker gaining administrative access.

Solution

Upgrade to version greater than 11.18.4

See Also

http://www.cpanel.net/index.html

Plugin Details

Severity: Medium

ID: 4509

Family: Web Servers

Published: 2004/08/18

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:U/RC:ND

CVSSv3

Base Score: 6.3

Temporal Score: 6.2

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:cpanel:cpanel

Reference Information

CVE: CVE-2008-2478

BID: 29277