CVE-2024-45692

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 4, 2024
Updated: Sep 5, 2024
CWE ID 835

Summary

CVE-2024-45692 identifies a vulnerability in Webmin versions prior to 2.202 and Virtualmin versions before 7.20.2, which allows the creation of a network traffic loop through spoofed UDP packets on port 10000. This vulnerability has a high base severity score of 7.5 and can significantly impact availability, with an exploitable attack vector over the network requiring no user interaction or privileges. Organizations running affected products could experience service disruptions due to this denial-of-service condition, posing a risk to operational continuity. To remediate this issue, it is recommended that users upgrade their Webmin and Virtualmin installations to the latest versions. Further details can be found in technical references available online, including a mailing list discussion and other security advisories.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share