Local Privilege Escalation Vulnerability in VestaCP by Vesta Control Panel
CVE-2021-30463

7.8HIGH

Key Information:

Vendor: Vestacp
Status: Control Panel
Vendor: CVE Published:; 8 April 2021

What is CVE-2021-30463?

VestaCP versions prior to 0.9.8-24 are susceptible to a local privilege escalation vulnerability. Attackers can exploit this weakness by creating symbolic links to files, allowing them to manipulate user permissions. Specifically, through an improperly secured access process, an attacker can read sensitive configuration values, such as the RKEY from user.conf located in the /usr/local/vesta/data/users/admin directory. This enables them to reset the admin password via a targeted URI request. The use of the chmod command inappropriately creates a security loophole that can be exploited for unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://ssd-disclosure.com/ssd-advisory-vestacp-lpe-vulne...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2021
Vulnerability Reserved
Apr 8, 2021

JSON

Vestacp

What is CVE-2021-30463?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.