CVE-2023-36458

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Jul 5, 2023
Updated: Jul 11, 2023
CWE ID 77

Summary

CVE-2023-36458 is a command injection vulnerability in 1Panel, a Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker could achieve command injection by crafting malicious payloads when entering the container terminal. The vulnerability has been fixed in version 1.3.6.

The affected products include various versions of r9ng00, r9ng01, r9ng02, r9ng0w, r9ng0x, r9ng0y, r9ng0z, r9ng0k, r9ng0l, r9ng0m, r9ng0n, r9ng0i, r9ng0j, r9ng0s, r9ng0t, r9ng0u, r9ng0v, r9ng0o, r9ng0p, r9ng0q, and r9ng0r. The vulnerability has a risk score of 67 and a base severity of MEDIUM according to the CVSS:3.1 rating provided by [email protected].

Remediation involves updating 1Panel to version 1.3.6 or later, where the issue has been fixed. Organizations using affected versions should promptly apply this update to protect their systems against command injection attacks.

The vulnerability poses a moderate danger to organizations running vulnerable versions of 1Panel because it allows authenticated attackers to execute arbitrary commands within the system. This can lead to unauthorized access to or control over the server and its resources, potentially resulting in data breaches or disruptions to services hosted on the server. Timely remediation is therefore crucial to mitigate the risks associated with this vulnerability.
