CVE-2019-13359

moderate-risk

Published 2019-07-16

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.

Do I need to act?

~

9.4% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

!

1 public exploit available

47124

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / HIGH complexity

Affected Products (1)

Webpanel

Affected Vendors

Control-Webpanel

References (4)

Exploit http://packetstormsecurity.com/files/153666/CentOS-Control-Web-Panel-0.9.8.836-P...

Exploit https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-201...

Exploit http://packetstormsecurity.com/files/153666/CentOS-Control-Web-Panel-0.9.8.836-P...

Exploit https://github.com/i3umi3iei3ii/CentOS-Control-Web-Panel-CVE/blob/master/CVE-201...

38

/ 100

moderate-risk

Severity 22/34 · High

Exploitability 11/34 · Low

Exposure 5/34 · Minimal