Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experts warn of RCE flaw in Imunify360 security platform

A flaw in CloudLinux’s Imunify360 security product could have been exploited by an attacker for remote code execution. Cisco’s Talos researchers discovered a remote code execution vulnerability, tracked as CVE-2021-21956, in CloudLinux’s Imunify360 security product. Imunify360 is a security platform for web-hosting servers that allows to implement real-time protection for website and web servers. The […]

Imunify360

A flaw in CloudLinux’s Imunify360 security product could have been exploited by an attacker for remote code execution.

Cisco’s Talos researchers discovered a remote code execution vulnerability, tracked as CVE-2021-21956, in CloudLinux’s Imunify360 security product.

Imunify360 is a security platform for web-hosting servers that allows to implement real-time protection for website and web servers.

The flaw resides in the Ai-Bolit functionality of CloudLinux Inc Imunify360 and an attacker could exploit it to execute arbitrary code using specially crafted files.

TALOS-2021-1383 (CVE-2021-21956) could be triggered automatically just after the attacker creates a malicious file in the system if Immunify is configured with real-time file system scanning. It could also be triggered if the user scans a malicious file provided by the attacker with Ai-Bolit scanner. The attacker could cause a deserialization condition with controllable data and then execute arbitrary code.” reads the post published by Talos researchers.

The vulnerability affects the following versions of the AI-Bolit product:

  • 30.8.8-1
  • 30.8.9-1
  • 30.10.3-1
  • 31.0.3-1
  • 31.1.1-1

The version of AI-Bolit 31.1.2-1 that comes with the ImunifyAV/Imunify360 5.11.3 has addressed the issue.

To check the version of the installs, users can access to Imunify360 agent features from command-line interface (CLI), and run the following command:

imunify360-agent version

Cisco released the SNORTⓇ rules 58252 and 58253 to detect exploitation attempts against this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, RCE)

[adrotate banner=”5″]

[adrotate banner=”13″]