CVE-2022-0824 Scanner
Detects the 'Improper Access Control' vulnerability in Webmin, which affects versions prior to 1.990.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Time Interval: 816 sec
Scan only one: Domain, Ipv4
Toolbox: -
Webmin is a web-based system configuration tool that allows administrators to manage server functions such as user account management, firewall configuration, and file system management. It is designed to simplify the administration of Unix-based systems by providing a user-friendly interface for performing various administrative tasks. Webmin has been widely used by system administrators for many years due to its convenience and ease of use.
However, Webmin has recently been found to be vulnerable to a critical flaw identified as CVE-2022-0824. The flaw is an improper access control issue that leads to remote code execution, allowing attackers to remotely execute arbitrary code on a vulnerable system. It is triggered when the Webmin server receives specially crafted HTTP requests from a malicious user.
When exploited, the CVE-2022-0824 vulnerability can lead to devastating consequences. A remote attacker can use the vulnerability to gain access to the targeted system, steal sensitive data, install backdoors, and even launch a larger-scale attack on other systems within the network. Since this vulnerability can be remotely exploited, the number of potential victims is enormous, making it an urgent concern for all organizations using the Webmin tool.
In conclusion, the CVE-2022-0824 vulnerability is a severe threat to organizations that use the Webmin system administration tool. By taking appropriate precautions, administrators can protect their systems and data from being compromised. It is recommended to use a security platform such as s4e.io, whose Pro features provide advanced threat detection and security information to help keep digital assets safe from various vulnerabilities. With the right tools and knowledge, organizations can stay one step ahead of cyber attackers and protect their valuable resources.
REFERENCES
- http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html
- https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38
- https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295
- https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html