- Description
- getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- CyberPanel Incorrect Default Permissions Vulnerability
- Exploit added on
- Dec 4, 2024
- Exploit action due
- Dec 25, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
CVE-2024-51378 has recently been classified as a CISA Known Exploited Vulnerability (KEV) called "CyberPanel Incorrect Default Permissions Vulnerability". Know more: https://t.co/HE4YMVMXrJ #KEV #CyberSecurity #CVE #VulnerabilityManagement #CISO https://t.co/KmW1Lsln3N
@attaxion
13 Dec 2024
2/13 🔓 Authentication Bypass in @CyberPanel CVE-2024-51378 - A 10.0 severity score! Hackers can execute commands without login. PSAUX and Helldown ransomware are already on it. #CyberDefense #PatchNow
@Eth1calHackrZ
10 Dec 2024
https://t.co/nSSzUbXlVi CyberPanel Command Injection Vulnerability - CVE-2024-51378 #github #exploit
@HackingTeam777
10 Dec 2024
GitHub - refr4g/CVE-2024-51378: Exploit for CyberPanel Pre-Auth RCE via Command Injection https://t.co/AsCPcLPAot
@akaclandestine
8 Dec 2024
Critical alert! 🚨 The CyberPanel flaw (CVE-2024-51378, CVSS 10.0) is now on CISA's KEV catalog. Exploited in a massive ransomware attack targeting 22k+ servers, agencies have until Dec 25, 2024, to patch. Act now! #CyberSecurity #CISA #CyberPanel https://t.co/QtGNV5NTGb
@Empist
6 Dec 2024
Threat Alert: CVE-2024-51378 (CVSS 10): Critical CyberPanel Flaw Under Active Attack, CISA War CVE-2024-51378 Severity: ⚠️ Critical Maturity: 💢 Emerging Learn more: https://t.co/XbYZdeZjmj #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
6 Dec 2024
CISA Warns of Exploitation of Flaws in ProjectSend, CyberPanel, and Zyxel: CVE-2024-51378 CVE-2023-45727 CVE-2024-11680 CVE-2024-11667 CVE-2024-45841 CVE-2024-47133 CVE-2024-52564 https://t.co/qerETOTK91
@vault33org
5 Dec 2024
CISA Adds CyberPanel Flaw CVE-2024-51378 to KEV Catalog #Cyberpanel #CVE-2024-51378 https://t.co/rmyDgjN6tc
@pravin_karthik
5 Dec 2024
🚨🚨CISA Adds One Known Exploited Vulnerability to Catalog CVE-2024-51378 (CVSS: 10) : CyberPanel Command Injection Vulnerability ZoomEye Dork👉app="Cyberpanel" 227k+ results are found on https://t.co/2EQoXN52Vx. ZoomEye Link: https://t.co/EZBugvZzO6 PoC:… https://t.co/QB2tEHU
@zoomeye_team
5 Dec 2024
CVE-2024-51378 (CVSS 10): Critical CyberPanel Flaw Under Active Attack, CISA Warns Stay informed about the latest cyber threat: CVE-2024-51378 vulnerability in CyberPanel exploited by attackers to deploy ransomware and compromise systems https://t.co/QrdTMW0m3D
@the_yellow_fall
5 Dec 2024
CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Dec 4) - CVE-2024-51378 CyberPanel Incorrect Default Permissions Vulnerability https://t.co/JKqkV0mC3j
@foxbook
5 Dec 2024
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-51378 #CyberPanel Incorrect Default Permissions Vulnerability https://t.co/807SOVJK6n
@ScyScan
4 Dec 2024
CISA Adds One Known Exploited Vulnerability to Catalog: CVE-2024-51378 - CyberPanel Incorrect Default Permissions https://t.co/gDFfO3V1jt https://t.co/Yd2YTecYJX
@TMJIntel
4 Dec 2024
🛡️ We added #CyberPanel vulnerabilities, CVE-2024-51378, to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dOIn6I9vuB & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/swvZBpWbnM
@CISACyber
4 Dec 2024
🔴 CyberPanel, Command Injection Vulnerability, #CVE-2024-51378 (Critical) https://t.co/GoTHLeLWbw
@dailycve
4 Dec 2024
Top 5 Trending CVEs: 1 - CVE-2024-35202 2 - CVE-2024-38821 3 - CVE-2024-51378 4 - CVE-2024-50550 5 - CVE-2024-9264 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
3 Nov 2024
Top 5 Trending CVEs: 1 - CVE-2024-45216 2 - CVE-2024-38821 3 - CVE-2023-23397 4 - CVE-2024-51378 5 - CVE-2024-46538 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Nov 2024
CVE-2024-51378 is getting exploited #inthewild. Find out more at https://t.co/9I24IDM7Wd CVE-2024-51567 is getting exploited #inthewild. Find out more at https://t.co/CHMCRKe7PP
@inthewildio
1 Nov 2024
🚨PoC for CVE-2024-51378; CyberPanel Command Injection Vulnerability https://t.co/N9YbK7yOjZ https://t.co/8DED6ZWO9X
@DarkWebInformer
1 Nov 2024
CyberPanel: several critical zero-click unauthenticated root RCE URL: https://t.co/Uk76cNb5qv Classification: Critical, Solution: Temporary Fix, Exploit Maturity: High, CVSSv3.1: 10.0 CVEs: CVE-2024-51567, CVE-2024-51568, CVE-2024-51378 See also: - https://t.co/ewewfhR92l #cyberp
@CharyyevPerman
31 Oct 2024
PSAUX Ransomware exploits CyberPanel Vulnerabilities #PSAUXRansomware #CyberPanel #CVE-2024-51567 #CVE-2024-51568 #CVE-2024-51378 https://t.co/0c1xcVAZmm
@pravin_karthik
30 Oct 2024
CVE-2024-51378 getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus... https://t.co/KIw8iUTTVe
@VulmonFeeds
30 Oct 2024
[CVE-2024-51378: CRITICAL] CyberPanel vulnerability allows remote attackers to bypass authentication & execute arbitrary commands, impacting versions up to 2.3.6 and 2.3.7. Ensure prompt updates for security. #cybersecurity, #vulnerability https://t.co/kKbfwuVHsk https://t.co/b
@CveFindCom
29 Oct 2024
CVE-2024-51378 getresetstatus in dns/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /ftp… https://t.co/1tqaXdIQ2O
@CVEnew
29 Oct 2024
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cyberpanel:cyberpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AF5FFC6-208E-4DD5-B298-56EFD7047F47",
            "versionEndExcluding": "2.3.8"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]