Experts warn of RCE flaw in Imunify360 security platform

A flaw in CloudLinux’s Imunify360 security product could have been exploited by an attacker for remote code execution.

Cisco’s Talos researchers discovered a remote code execution vulnerability, tracked as CVE-2021-21956, in CloudLinux’s Imunify360 security product.

Imunify360 is a security platform for web-hosting servers that provides real-time protection for websites and web servers.

The flaw resides in the Ai-Bolit functionality of CloudLinux Inc Imunify360; an attacker could exploit it to execute arbitrary code using specially crafted files.

“TALOS-2021-1383 (CVE-2021-21956) could be triggered automatically just after the attacker creates a malicious file in the system if Imunify is configured with real-time file system scanning. It could also be triggered if the user scans a malicious file provided by the attacker with Ai-Bolit scanner. The attacker could cause a deserialization condition with controllable data and then execute arbitrary code,” reads the post published by Talos researchers.

The vulnerability affects the following versions of the AI-Bolit product:

  • 30.8.8-1
  • 30.8.9-1
  • 30.10.3-1
  • 31.0.3-1
  • 31.1.1-1

AI-Bolit version 31.1.2-1, which ships with ImunifyAV/Imunify360 5.11.3, addresses the issue.

To check the installed version, users can access the Imunify360 agent features from the command-line interface (CLI) and run the following command:

imunify360-agent version
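
The version check above can be scripted for a fleet of hosts. The following is an added example, not code from CloudLinux, Talos or the original article. It assumes the output of imunify360-agent version contains a dotted version string; the function names and status labels are hypothetical.

```shell
#!/bin/sh
# Added example: triage versions against the releases named in the article.
FIXED_AGENT="5.11.3"        # ImunifyAV/Imunify360 release that carries the fix
FIXED_AIBOLIT="31.1.2-1"    # AI-Bolit release that carries the fix
LISTED_AFFECTED="30.8.8-1 30.8.9-1 30.10.3-1 31.0.3-1 31.1.1-1"

# ver_ge A B: succeed when A >= B. Fields are split on '.' and '-' and
# compared numerically (so 30.10.x > 30.8.x); missing fields count as 0.
ver_ge() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a
    for y in $b; do
        x=${1:-0}
        [ $# -gt 0 ] && shift
        x=$(printf '%s' "$x" | sed 's/[^0-9].*//'); x=${x:-0}
        y=$(printf '%s' "$y" | sed 's/[^0-9].*//'); y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# first_version TEXT: print the first dotted version token found in TEXT.
first_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+)+(-[0-9]+)?' | head -n 1
}

# aibolit_status VERSION: "fixed", "listed-affected" (named in the article),
# or "below-fix-unlisted" (older than the fix but not in the article's list).
aibolit_status() {
    if ver_ge "$1" "$FIXED_AIBOLIT"; then echo fixed; return; fi
    for v in $LISTED_AFFECTED; do
        [ "$1" = "$v" ] && { echo listed-affected; return; }
    done
    echo below-fix-unlisted
}

# agent_status TEXT: TEXT is the output of `imunify360-agent version`
# (assumed to contain the agent version somewhere in it).
agent_status() {
    v=$(first_version "$1")
    [ -n "$v" ] || { echo unknown; return; }
    if ver_ge "$v" "$FIXED_AGENT"; then echo fixed; else echo needs-upgrade; fi
}

# Run the check only where the agent CLI is installed.
if command -v imunify360-agent >/dev/null 2>&1; then
    agent_status "$(imunify360-agent version)"
fi
```

A result of below-fix-unlisted means the version predates the fixed release but is not one of the versions the article names, so it should still be scheduled for upgrade.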

Cisco released the SNORTⓇ rules 58252 and 58253 to detect exploitation attempts against this vulnerability.

Pierluigi Paganini

(SecurityAffairs – hacking, RCE)

The post Experts warn of RCE flaw in Imunify360 security platform appeared first on Security Affairs.
