WebDAV User Management Issue in ISPConfig by ISPConfig
CVE-2012-2087

9.8 CRITICAL

Key Information:

Vendor
Ispconfig
Status
Vendor
CVE Published: 23 January 2020

Summary

The vulnerability in ISPConfig version 3.0.4.3 arises from a flaw in the 'Add new WebDAV user' feature, which permits remote users to execute dangerous commands like chmod and chown from the client interface. This could lead to significant permission changes across the entire server, allowing unauthorized access and modifications. As a result, it is critical for users of the affected version to apply relevant patches and ensure proper server configurations to mitigate potential exploitation.

Affected Version(s)

ISPConfig 3.0.4.3

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
