Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000
CVE-2024-45692

7.5 HIGH

Key Information:

Vendor: Webmin
CVE Published: 4 September 2024

What is CVE-2024-45692?

The vulnerability involves a potential network traffic loop that can be exploited through spoofed UDP packets directed at port 10000 in Webmin prior to version 2.202 and Virtualmin prior to version 7.20.2. This flaw could allow malicious actors to create loops in network traffic, potentially leading to resource exhaustion and denial of service conditions. Administrators are advised to apply the necessary updates to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published
