About the Vulnerability

Introduction

CyberPanel is an open-source hosting control panel designed for VPS and Dedicated Servers, aimed at simplifying the management of websites and services.

Summary

On October 30, 2024, Sangfor FarSight Labs received notification of a Command Injection Vulnerability in a CyberPanel component, classified as critical in threat level.

The upgrademysqlstatus interface in CyberPanel contains a command injection vulnerability that unauthenticated attackers can exploit to execute arbitrary commands, leading to server compromise.
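As an added illustration of how a traffic sensor could flag abuse of this interface (example code, not Sangfor's or CyberPanel's own), the following Python scans constructed request records for hits on the upgrademysqlstatus interface whose parameters carry shell metacharacters. The URL prefix "/example" and the parameter name "file" are placeholders; the page names only the interface, not its full route.

```python
"""Flag requests to CyberPanel's upgrademysqlstatus interface whose parameters
carry shell metacharacters, the hallmark of a command-injection attempt."""
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructs that let a shell chain or substitute commands; none belongs in a
# status-file name.
SHELL_META = re.compile(r"[;|&`\n]|\$\(|\$\{")

# Constructed sample of what a traffic sensor or reverse proxy might record:
# (client, method, path, query string or form body). The "/example" prefix
# and the "file" parameter are placeholders, not the real route.
SAMPLE_REQUESTS = [
    ("198.51.100.7", "GET",  "/", ""),
    ("198.51.100.7", "POST", "/example/upgrademysqlstatus", "file=/tmp/upgrade.log&x=1"),
    ("203.0.113.9",  "POST", "/example/upgrademysqlstatus", "file=%2Ftmp%2Fx%3Bid"),
    ("203.0.113.9",  "POST", "/example/upgrademysqlstatus", "file=%2Ftmp%2Fx%7Cwhoami"),
    # Double URL-encoded payload: decodes to /tmp/x$(id) only on the second pass.
    ("203.0.113.10", "POST", "/Example/UpgradeMySQLStatus", "file=%252Ftmp%252Fx%2524%2528id%2529"),
    ("192.0.2.44",   "POST", "/example/otherEndpoint", "name=a%3Bid"),
]

def injected_values(params):
    """Return decoded parameter values that contain shell metacharacters."""
    hits = []
    for _name, value in parse_qsl(params, keep_blank_values=True):
        # parse_qsl decodes once; decode again so a double-encoded payload
        # does not slip past the pattern. Splitting first keeps the '&'
        # between parameters from tripping the metacharacter check.
        value = unquote_plus(value)
        if SHELL_META.search(value):
            hits.append(value)
    return hits

def classify(path, params):
    """None for unrelated traffic, 'info' for a plain hit on the interface,
    'alert' when the hit carries shell metacharacters."""
    if "upgrademysqlstatus" not in path.lower():
        return None
    return "alert" if injected_values(params) else "info"

def alert_sources(requests):
    """Client addresses with at least one alert, for blocking or triage."""
    return {client for client, _method, path, params in requests
            if classify(path, params) == "alert"}

if __name__ == "__main__":
    for client, method, path, params in SAMPLE_REQUESTS:
        level = classify(path, params)
        if level:
            print(f"{level:5} {client} {method} {path} {injected_values(params)}")
```

Plain hits on the interface are reported at "info" level because legitimate panel traffic also reaches it; only values carrying metacharacters are raised to "alert".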

Affected Versions

CyberPanel 2.3.5

CyberPanel 2.3.6

Solutions

Official Solution

Affected users are strongly advised to update CyberPanel to version 2.3.7 or later.

Download link: https://github.com/usmannasir/cyberpanel/tree/v2.3.7

Sangfor Solutions

Risky Assets Detection

Proactive detection of CyberPanel assets is supported, and the assets affected by this event can be identified in batch across business environments. Related products are as follows:

[Sangfor Host Security] has released an asset detection scheme, with Fingerprint ID: 0031616.

Vulnerability Proactive Detection

Proactive detection of the CyberPanel upgrademysqlstatus Command Injection Vulnerability is supported, and whether business environments are exposed to this vulnerability can be quickly identified in batch. Related products are as follows:

[Sangfor Host Security] is expected to release a detection scheme on November 3, 2024, with Rule ID: SF-2024-01240.

[Sangfor Cyber Guardian MDR] is expected to release a detection scheme on November 4, 2024, with Rule ID: SF-2024-01240.

[Sangfor Omni-Command] is expected to release a detection scheme on November 3, 2024 (requiring Host Security component capabilities), with Rule ID: SF-2024-01240.

Vulnerability Security Detection

Monitoring of the CyberPanel upgrademysqlstatus Command Injection Vulnerability is supported: affected assets in business environments can be monitored in real time based on traffic collection, and the scope of impact can be quickly determined. Related products and services are as follows:

[Sangfor Cyber Command] is expected to release a monitoring scheme on November 8, 2024, with Rule ID: 11027772.

[Sangfor Cyber Guardian MDR] is expected to release a monitoring scheme on November 8, 2024 (requiring Cyber Command component capabilities), with Rule ID: 11027772.

[Sangfor Omni-Command] is expected to release a monitoring scheme on November 8, 2024, with Rule ID: 11027772.

Security Protection

Defense against the CyberPanel upgrademysqlstatus Command Injection Vulnerability is supported, blocking intrusion attempts targeting this event. Related products and services are as follows:

[Sangfor Network Secure] is expected to release a monitoring scheme on November 8, 2024, with Rule ID: 11027772.

[Sangfor WAF] is expected to release a monitoring scheme on November 8, 2024, with Rule ID: 11027772.

[Sangfor Cyber Guardian MDR] is expected to release a monitoring scheme on November 8, 2024 (requiring AF component capabilities), with Rule ID: 11027772.

[Sangfor Omni-Command] is expected to release a monitoring scheme on November 8, 2024 (requiring AF component capabilities), with Rule ID: 11027772.

Timeline

On October 30, 2024, Sangfor FarSight Labs received notification of CyberPanel upgrademysqlstatus Command Injection Vulnerability.

On October 30, 2024, Sangfor FarSight Labs released a vulnerability alert.

References

https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
