CVE-2018-1000082 — HIGH (8.8)

Vulnerability Description

Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. that can result in Code execution on the server . This attack appear to be exploitable via Being a CSRF, victim interaction is needed, when the victim access the infected trigger of the CSRF any code that match the victim privledges on the server can be executed..

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ajenti	Ajenti	2

Related Weaknesses (CWE)

CWE-352

References

https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeeeExploitThird Party Advisory
https://medium.com/stolabs/security-issues-on-ajenti-d2b7526eaeeeExploitThird Party Advisory

FAQ

What is CVE-2018-1000082?

CVE-2018-1000082 is a vulnerability with a CVSS score of 8.8 (HIGH). Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) vulnerability in the command execution panel of the tool used to manage the server. that can result in Code execution on the server...

How severe is CVE-2018-1000082?

CVE-2018-1000082 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-1000082?

Check the references section above for vendor advisories and patch information. Affected products include: Ajenti Ajenti.