Cross-Site Request Forgery Vulnerability in Ajenti Management Tool
CVE-2018-1000082

8.8 HIGH

Key Information:

Vendor: Ajenti

Status
Vendor
CVE Published: 13 March 2018

Badges

👾 Exploit Exists
🟡 Public PoC

What is CVE-2018-1000082?

Ajenti version 2 is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability in its command execution panel, which is used for server management. This vulnerability allows an attacker to execute unauthorized commands on the server without the victim's consent. To exploit it, the attacker must lure the victim into interacting with a malicious trigger, which then runs commands with the victim's privileges on the server, potentially leading to significant security breaches.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved