CVE-2024-12828

Published Dec 30, 2024

Last updated 2 months ago

Overview

Description
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346.
Source: zdi-disclosures@trendmicro.com
NVD status: Received

Risk scores

CVSS 3.0

Type: Secondary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

zdi-disclosures@trendmicro.com
CWE-78

Social media

Hype score
Not currently trending
  1. CVE-2024-12828 POC. Safeuser required https://t.co/WrhkmnuX5m

    @hir0ot

    7 Jan 2025

    4300 Impressions

    9 Retweets

    68 Likes

    36 Bookmarks

    1 Reply

    0 Quotes

  2. Webmin vulnerability CVE-2024-12828 (CVSS 9.9) fixed: update immediately! https://t.co/Ku119lDSSn This is the third Webmin vulnerability covered on this blog this year. The previous one was "Webmin/Virtualmin vulnerability CVE-2024-2169 fixed: update immediately!" on 2024/09/04, and before that, 2024/07/10… https://t.co/bf5J56LNFQ

    @iototsecnews

    6 Jan 2025

    127 Impressions

    2 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of We… https://t.co/Y35742WIhy

    @CVEnew

    30 Dec 2024

    512 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2024-12828: CRITICAL] Critical Webmin vulnerability (ZDI-CAN-22346) enables remote code execution. Attackers exploit CGI requests to run arbitrary commands as root. Update Webmin promptly. #cybersecurity, #vulnerability https://t.co/8jY3wjT98l https://t.co/rbkVfo3nkF

    @CveFindCom

    30 Dec 2024

    37 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2024-12828 alert 🚨 Webmin: Remote code execution (CVSS: 9.4/10) The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers' assets are protected. 🦉 #CyberSecurity #InfoSec https://t.co/ksoytto3L6

    @Patrowl_io

    26 Dec 2024

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. #Vulnerability #CVE202412828 CVE-2024-12828 (CVSS 9.9): Webmin Vulnerability Leaves a Million Servers Exposed to RCE https://t.co/18c3Tl9wXi

    @Komodosec

    26 Dec 2024

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. A critical command injection vulnerability (CVE-2024-12828) in Webmin exposes 1M servers to RCE. Even low-privileged users can escalate privileges⏳. Protect your systems! 🔒 #WebminSecurity #RCE #Indonesia #CybersecurityNews link: https://t.co/9TOkfs7d3R https://t.co/vyEeB6lhXs

    @TweetThreatNews

    24 Dec 2024

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Webmin RCE (CVE-2024-12828): Danger of Full Control with Root Privileges! https://t.co/dcg5r3lypd

    @cyberwebeyeos

    24 Dec 2024

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ⚠️⚠️ CVE-2024-12828 (CVSS 9.9): Webmin has been found to harbour a critical vulnerability that could allow attackers to seize control of servers. 🎯480k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/yQx8baaFp6 FOFA Query: app="webmin" 🔖Refer:…

    @fofabot

    24 Dec 2024

    2055 Impressions

    15 Retweets

    26 Likes

    9 Bookmarks

    1 Reply

    0 Quotes

  10. [Link roundup: security news and articles for December 23-24] <Vulnerabilities> - "WPLMS", a premium theme for a WordPress plugin, addresses 7 vulnerabilities (CVE-2024-56046, CVE-2024-56050, and others) https://t.co/Mn58K8LQAc - CVE-2024-12828 (CVSS… https://t.co/HeLGo5dMIJ

    @MachinaRecord

    24 Dec 2024

    84 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2024-12828 (CVSS 9.9): Webmin Vulnerability Leaves a Million Servers Exposed to RCE https://t.co/WDjmZfDQdh

    @Dinosn

    24 Dec 2024

    3439 Impressions

    12 Retweets

    56 Likes

    24 Bookmarks

    0 Replies

    0 Quotes

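  12. Critical vulnerability in the system administration tool Webmin. CVE-2024-12828 has a CVSS score of 9.9 and is a command injection with root privileges. Authentication required. Especially dangerous where unprivileged users can use Webmin. Fixed. https://t.co/GrbgomhPQA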

    @__kokumoto

    24 Dec 2024

    2069 Impressions

    6 Retweets

    29 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2024-12828 (CVSS 9.9): Webmin Vulnerability Leaves a Million Servers Exposed to RCE Discover the command injection flaw in #Webmin that allows attackers to execute arbitrary code with root privileges https://t.co/txQD5dOwe5

    @the_yellow_fall

    24 Dec 2024

    83 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

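  14. 🚨🚨🚨 RCE vulnerability in Webmin. Exploitation requires authentication, but if you offer it as part of a shared service or similar, everything can be taken out in one sweep, so please be careful. CVE-2024-12828 Webmin CGI Command Injection Remote Code Execution Vulnerability https://t.co/kdenYcXS83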

    @autumn_good_35

    23 Dec 2024

    1574 Impressions

    4 Retweets

    10 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  15. CVE-2024-12828 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within ... https://t.co/C3ltyBtoRT

    @VulmonFeeds

    20 Dec 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes