Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000
CVE-2024-45692

7.5HIGH

Key Information:

Vendor: Webmin
Status: Virtualmin; Webmin
Vendor: CVE Published:; 4 September 2024

What is CVE-2024-45692?

The vulnerability involves a potential network traffic loop that can be exploited through spoofed UDP packets directed at port 10000 in Webmin prior to version 2.202 and Virtualmin prior to version 7.20.2. This flaw could allow malicious actors to create loops in network traffic, potentially leading to resource exhaustion and denial of service conditions. Administrators are advised to apply the necessary updates to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://cispa.de/en/loop-dos

https://webmin.com

https://www.openwall.com/lists/oss-security/2024/09/04/1

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 4, 2024

JSON

Webmin

What is CVE-2024-45692?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.