Improper Access Control to Remote Code Execution in webmin/webmin
CVE-2022-0824

8.8HIGH

Key Information:

Vendor: webmin
Status: webmin/webmin
Vendor: CVE Published:; 2 March 2022

🔔 Create webmin Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 93%

What is CVE-2022-0824?

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.

Affected Version(s)

webmin/webmin < 1.990

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Webmin-CVE-2022-0824-revshell
Created by faisalfs10x

Metasploit exploit module for CVE-2022-0824
Created by Rapid7

CVE-2022-0824
Created by honypot

References

https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de10...

https://github.com/webmin/webmin/commit/39ea464f0c40b325d...

http://packetstormsecurity.com/files/166240/Webmin-1.984-...

EPSS Score

93% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 8, 2022
👾
Exploit known to exist
Nov 8, 2022
Vulnerability published
Mar 2, 2022
Vulnerability Reserved
Mar 2, 2022