Security News > 2021 > November > Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover

Imunify360 Bug Leaves Linux Web Servers Open to Code Execution, Takeover
2021-11-22 19:14

A high-severity security vulnerability in CloudLinux's Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers.

Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security.

According to researchers at Cisco Talos, the bug specifically exists in the Ai-Bolit scanning functionality of the Imunift360, which allows webmasters and site administrators to search for viruses, vulnerabilities and malware code.

0 vulnerability-severity scale, can lead to a deserialization condition with controllable data, that would allow an attacker to then execute arbitrary code.

It added, "To be more preciseinside the Deobfuscator class, ai-bolit-hoster.php keeps a list of signatures representing code patterns generated by common obfuscatorsWhen a certain signature is inside a scanned file, the proper de-obfuscation handler is executed, which tries to pull out essential data from the obfuscated code."

For one, if Immunify360 is configured with real-time file system scanning, the attacker need only to create a malicious file in the system, they noted.


News URL

https://threatpost.com/linux-web-servers-imunify360-bug/176508/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232