CVE-2020-10808 Vesta Control Panel Authenticated Remote Code Execution 6th April 2020

Preface: Vesta Control Panel (also known as VestaCP) is available as a Dockerized deployment. You can download the Vesta source code and modify it as you wish; you are free to do so because Vesta is licensed under the GPL.

Background: VestaCP can be installed and configured on an Alibaba Cloud Elastic Compute Service (ECS) instance running CentOS 7.

Vulnerability details: According to the Metasploit proof of concept, a low-privileged authenticated user can execute arbitrary commands in the context of the root user. An authenticated attacker with low privileges can inject a payload into a file name that starts with a dot. During the user backup process, this file name is evaluated by the v-user-backup bash script. As a result, when the attacker later lists the existing backups, the injected payload is executed.
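Since the issue hinges on a file name being evaluated by a bash script, one practical check while no fix is available is to scan the user home directories on the panel host for file names that contain shell metacharacters, with particular attention to names starting with a dot. The script below is an added example written for this post; it is not VestaCP code, and the metacharacter list, the sample file names and the `scan_tree` / `is_suspicious_name` helper names are my own choices.

```python
#!/usr/bin/env python3
"""Flag file and directory names that contain characters a shell would
interpret if the name were ever expanded unquoted or passed to eval.
Added example for the VestaCP backup issue; not part of VestaCP itself."""
import os
import re
import sys
import tempfile
from pathlib import Path

# Shell metacharacters worth flagging in a file name. Constructed list:
# command separators, pipes, redirections, backticks, '$' (covers "$(...)"
# and variable expansion) and embedded line breaks. Tighten or widen to taste.
SUSPICIOUS = re.compile(r"[;&|<>`$\n\r]")


def is_suspicious_name(name: str) -> bool:
    """True when the bare file name contains a shell metacharacter."""
    return bool(SUSPICIOUS.search(name))


def scan_tree(root: str, hidden_only: bool = False) -> list:
    """Walk `root` and return paths (relative to root) of suspicious names.

    hidden_only=True restricts the report to names starting with a dot,
    which is the pattern this advisory describes.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if hidden_only and not name.startswith("."):
                continue
            if is_suspicious_name(name):
                full = os.path.join(dirpath, name)
                findings.append(os.path.relpath(full, root))
    return sorted(findings)


def demo() -> list:
    """Build a constructed sample tree and scan it.

    Two names are harmless (one of them hidden), two contain metacharacters
    that never appear in legitimate web-hosting file names.
    """
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, ".bashrc").touch()          # hidden, benign
        Path(tmp, "index.html").touch()       # benign
        Path(tmp, ".a;b").touch()             # hidden, contains ';'
        Path(tmp, "data|pipe.txt").touch()    # contains '|'
        return scan_tree(tmp)


if __name__ == "__main__":
    # Usage: scan.py /home [--hidden-only]
    if len(sys.argv) < 2:
        print(demo())
    else:
        hits = scan_tree(sys.argv[1], hidden_only="--hidden-only" in sys.argv)
        for path in hits:
            print(path)
        sys.exit(1 if hits else 0)
```

Run it against the directory that holds the panel users' home directories (for example `/home` on a default install) and treat any hit as something to inspect before the next backup runs; the non-zero exit status makes it easy to wire into a cron job or monitoring check. The scan only reports names, it does not modify anything.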

Remedy: No fix appears to have been released yet; watch the official announcements at https://forum.vestacp.com/viewforum.php?f=25
