Security News > 2024 > October > Ransomware hits web hosting servers via vulnerable CyberPanel instances
2024-10-30 14:19
A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware. The PSAUX ransom note (Source: LeakIX) The CyberPanel vulnerabilities CyberPanel is a widely used open-source control panel that’s used for managing servers used for hosting websites. Two critical command injection vulnerabilities (CVE-2024-51378 and CVE-2024-51567) affecting CyberPanel versions 2.3.6 and (unpatched) 2.3.7 have been publicly documented … More → The post Ransomware hits web hosting servers via vulnerable CyberPanel instances appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/30/vulnerable-cyberpanel-psaux-ransomware/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-51567 | Missing Authentication for Critical Function vulnerability in Cyberpanel upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. | 9.8 |
| 2024-10-29 | CVE-2024-51378 | getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. | 0.0 |