Cisco’s Talos researchers discovered a remote code execution vulnerability, tracked as CVE-2021-21956, in CloudLinux’s Imunify360 security product.
Imunify360 is a security platform for web-hosting servers that provides real-time protection for websites and web servers.
The flaw resides in the Ai-Bolit functionality of CloudLinux Inc Imunify360 and an attacker could exploit it to execute arbitrary code using specially crafted files.
“TALOS-2021-1383 (CVE-2021-21956) could be triggered automatically just after the attacker creates a malicious file in the system if Imunify is configured with real-time file system scanning. It could also be triggered if the user scans a malicious file provided by the attacker with Ai-Bolit scanner. The attacker could cause a deserialization condition with controllable data and then execute arbitrary code,” reads the post published by Talos researchers.
The vulnerability affects the following versions of the AI-Bolit product:
AI-Bolit version 31.1.2-1, which ships with ImunifyAV/Imunify360 5.11.3, addresses the issue.
To check the installed version, users can access the Imunify360 agent features from the command-line interface (CLI) and run the following command:
Cisco released the SNORT® rules 58252 and 58253 to detect exploitation attempts against this vulnerability.
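For triaging several servers against the fixed AI-Bolit version 31.1.2-1 named above, the following is an added example, not code from the article, Talos or CloudLinux. It assumes version strings follow the same `X.Y.Z-R` shape as the fixed version, that anything lower should be flagged for upgrade, and that the version strings have already been collected per host; the host names and inventory values are constructed.

```python
import re

FIXED = "31.1.2-1"  # AI-Bolit version the article names as fixed

# Leading dotted version, then an optional numeric release after "-".
# Anything after that (e.g. a distro tag) is ignored.
_PATTERN = re.compile(r"(\d+(?:\.\d+)*)(?:-(\d+))?")


def parse(text):
    """Return (version_tuple, release), or None if text is not a version."""
    m = _PATTERN.match(text.strip())
    if not m:
        return None
    version = tuple(int(p) for p in m.group(1).split("."))
    # Drop trailing zeros so 31.1 and 31.1.0 compare equal.
    while len(version) > 1 and version[-1] == 0:
        version = version[:-1]
    # A missing release sorts lowest, so the host is flagged for review.
    release = int(m.group(2)) if m.group(2) else 0
    return version, release


def status(installed, fixed=FIXED):
    """Classify one installed version string against the fixed version."""
    parsed = parse(installed)
    if parsed is None:
        return "unknown"
    return "patched" if parsed >= parse(fixed) else "needs-upgrade"


def triage(inventory):
    """Map each host to patched / needs-upgrade / unknown."""
    return {host: status(ver) for host, ver in inventory.items()}


# Constructed inventory: hypothetical hosts and version strings.
SAMPLE = {
    "web01": "31.1.2-1",
    "web02": "31.1.10-2",   # numerically newer; a string compare gets this wrong
    "web03": "31.1.1-3",
    "web04": "31.1.2-1.el7",
    "web05": "not installed",
}

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(f"{host}: {state}")
```

Hosts reported as `unknown` need a manual check rather than being counted as safe.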
(SecurityAffairs – hacking, RCE)