Vulnerability CVE-2019-25066


Published: 2022-06-09

Description:
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.5/10
6.4/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Ajenti -> Ajenti 

 References:
https://vuldb.com/?id.143950
https://github.com/ajenti/ajenti/commit/7aa146b724e0e20cfee2c71ca78fafbf53a8767c
https://www.exploit-db.com/exploits/47497

Copyright 2024, cxsecurity.com

 

Back to Top