CVE-2023-36458

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published: Jul 5, 2023
Updated: Jul 11, 2023
CWE ID: 77

Summary

CVE-2023-36458 is a vulnerability affecting 1Panel, a Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker could exploit this vulnerability to achieve command injection by crafting malicious payloads when entering the container terminal. The vulnerability has been fixed in version 1.3.6.

The affected products include various versions of r9ng00, r9ng01, r9ng02, r9ng0w, r9ng0x, r9ng0y, r9ng0z, r9ng0k, r9ng0l, r9ng0m, r9ng0n, r9ng0i, r9ng0j, r9ng0s, r9ng0t, r9ng0u, r9ng0v, r9ng0o, r9ng0p, r9ng0q, and r9ng0r. The vulnerability has a risk score of 67 and a base severity of MEDIUM according to the CVSS:3.1 rating provided by [email protected].

Remediation for this vulnerability involves updating the 1Panel software to version 1.3.6 or later, where the issue has been fixed. Organizations using affected versions should promptly apply this update to ensure their systems are protected against potential command injection attacks.

This vulnerability poses a moderate danger to organizations using the vulnerable versions of 1Panel, as it allows authenticated attackers to execute arbitrary commands within the system. This can lead to unauthorized access to or control over the server and its resources, potentially resulting in data breaches or disruptions to services hosted on the server. Timely remediation is therefore crucial to mitigate the risks associated with this vulnerability.
