Exploração de execução crítica de código remoto de pré-autenticação de dia zero publicada para versões 5.x do vBulletin
New critical zero-day pre-auth RCE exploit code published on Full Disclosure mailing list for 5.x versions of vBulletin (CVE-2019-16759).
UPDATE 09/25/2019: The background and solution sections below have been updated to reflect the security patch issued by the vBulletin team.
Contexto
A preauthentication remote code execution (RCE) zero-day exploit was recently disclosed anonymously for vBulletin 5.x. This zero-day does not seem to have followed coordinated disclosure procedures. VBulletin released a new security patch for vBulletin versions 5.5.2, 5.5.3, and 5.5.4.
Análise
Tenable Research has analyzed and confirmed that this exploit works on default configurations of vBulletin. Based on the public PoC, an unauthenticated attacker can send a specially crafted HTTP POST request to a vulnerable vBulletin host and execute commands. These commands would be executed with the permissions of the user account that the vBulletin service is utilizing. Depending on the service user’s permissions, this could allow complete control of a host.
Prova de conceito
The published exploit code returns its successful execution in a JSON formatted response.
Solução
The vBulletin team has issued a patch for CVE-2019-16759 for vBulletin versions 5.5.2, 5.5.3, and 5.5.4. Users on earlier versions of vBulletin 5.x will need to update to one of the currently supported versions in order to apply the patch. VBulletin cloud users don’t need to perform any additional actions as the fix has already been applied to the cloud version.
Identificação de sistemas afetados
A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
Obtenha mais informações
Junte-se à equipe de resposta de segurança da Tenable na Tenable.
Saiba mais sobre a Tenable, a primeira plataforma de Cyber Exposure para o gerenciamento holístico da sua superfície de ataque moderna.
Get a free 60-day trial of Tenable.io Vulnerability Management.
Artigos relacionados
Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers
May 16, 2024Tenable Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, exploits Apache Tomcat servers with new advanced stealth techniques. Explore our analysis and the indicators of compromise in this report.
Cybersecurity Snapshot: Find MITRE ATT&CK Complex? Need Help Mapping to It? There’s an App for That!
March 10, 2023Learn about a new tool that streamlines MITRE ATT&CK mapping. Plus, known vulnerabilities remain a major cyber risk – just ask LastPass. Also, discover why SaaS data protection remains difficult. Plus, a look at the U.S. National Cybersecurity Strategy. And much more!
The Ransomware Ecosystem: In Pursuit of Fame and Fortune
July 28, 2022The key players within the ransomware ecosystem, including affiliates and initial access brokers, work together cohesively like a band of musicians, playing their respective parts as they strive for fame and fortune.
Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers
May 16, 2024Tenable Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, exploits Apache Tomcat servers with new advanced stealth techniques. Explore our analysis and the indicators of compromise in this report.
Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040)
May 14, 2024Microsoft addresses 59 CVEs in its May 2024 Patch Tuesday release with one critical vulnerability and three zero-day vulnerabilities, two of which were exploited in the wild.
Tenable Cloud Security Study Reveals a Whopping 95% of Surveyed Organizations Suffered a Cloud-Related Breach Over an 18-Month Period
May 14, 2024The finding from the Tenable 2024 Cloud Security Outlook study is a clear sign of the need for proactive and robust cloud security. Read on to learn more about the study’s findings, including the main challenges cloud security teams face, their strategies for better protecting their cloud infrastructure and the tools they use to measure success.
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning