All vulnerabilities
CVE-2024-51378 Known ransomware use
CyberPanel Incorrect Default Permissions Vulnerability
CyberPersons — CyberPanel
- Added to KEV catalog
- 4 December 2024
- Federal remediation due date
- 25 December 2024
- Weakness classification (CWE)
- CWE-276
CISA Description
CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://cyberpanel.net/KnowledgeBase/home/change-logs/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-51378
More CyberPersons Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services