A flaw in CloudLinux’s Imunify360 security product could have been exploited by an attacker for remote code execution.
Cisco’s Talos researchers discovered a remote code execution vulnerability, tracked as CVE-2021-21956, in CloudLinux’s Imunify360 security product.
Imunify360 is a security platform for web-hosting servers that allows to implement real-time protection for website and web servers.
The flaw resides in the Ai-Bolit functionality of CloudLinux Inc Imunify360 and an attacker could exploit it to execute arbitrary code using specially crafted files.
“TALOS-2021-1383 (CVE-2021-21956) could be triggered automatically just after the attacker creates a malicious file in the system if Immunify is configured with real-time file system scanning. It could also be triggered if the user scans a malicious file provided by the attacker with Ai-Bolit scanner. The attacker could cause a deserialization condition with controllable data and then execute arbitrary code.” reads the post published by Talos researchers.
The vulnerability affects the following versions of the AI-Bolit product:
- 30.8.8-1
- 30.8.9-1
- 30.10.3-1
- 31.0.3-1
- 31.1.1-1
The version of AI-Bolit 31.1.2-1 that comes with the ImunifyAV/Imunify360 5.11.3 has addressed the issue.
To check the version of the installs, users can access to Imunify360 agent features from command-line interface (CLI), and run the following command:
imunify360-agent versionCisco released the SNORTⓇ rules 58252 and 58253 to detect exploitation attempts against this vulnerability.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, RCE)
[adrotate banner=”5″]
[adrotate banner=”13″]
Share On
