Security

Mitigation Instructions for CVE-2018-7602

Written by CyRisk Vulnerability Management Team | Mar 21, 2023 8:56:21 PM

SUBJECT: CVE-2018-7602 Drupal Core Remote Code Execution Vulnerability

TECH STACK: Drupal 7.x and 8.x

DATE(S) ISSUED: 07/19/2018

CRITICALITY: CRITICAL

OVERVIEW:

CVE-2018-7602 is a vulnerability in Drupal, an open-source content management system (CMS) software. The vulnerability could allow an attacker to execute arbitrary code on a Drupal site, potentially allowing them to take complete control of the site and its associated data.

The vulnerability is caused by a flaw in the way that Drupal processes certain types of data, specifically form input. An attacker could exploit this flaw by creating a specially crafted form that, when submitted to a Drupal site, could execute arbitrary code on the server. The vulnerability affects Drupal versions 7.x and 8.x.

https://nvd.nist.gov/vuln/detail/CVE-2018-7602

THREAT INTELLIGENCE:

CISA has added CVE-2020-13671 to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerability. This vulnerability is a frequent attack vector for malicious cyber actors of all types and poses significant risk to the federal enterprise. 

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

NIST: NVD

Base Score: 9.8 CRITICAL

Vector:  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SOLUTION:

The patch for CVE-2018-7602 was released by Drupal on April 25, 2018. It is included in the latest versions of Drupal 7.x and 8.x. To apply the patch, you will need to upgrade your Drupal site to the latest version of the software.

You can download the latest version of Drupal from the Drupal website:

https://www.drupal.org/download

To install the software, follow the instructions provided on the website. It is important to apply the patch as soon as possible to protect your Drupal site from potential attacks. It is also recommended to regularly check for and install the latest security updates to ensure that your Drupal site is protected from the latest threats.

REFERENCES:

BID:103985

CONFIRM:https://www.drupal.org/sa-core-2018-004

DEBIAN:DSA-4180

URL:https://www.debian.org/security/2018/dsa-4180

EXPLOIT-DB:44542

URL:https://www.exploit-db.com/exploits/44542/

EXPLOIT-DB:44557

URL:https://www.exploit-db.com/exploits/44557/

MLIST:[debian-lts-announce] 20180426 [SECURITY] [DLA 1365-1] drupal7 security update

URL:https://lists.debian.org/debian-lts-announce/2018/04/msg00030.html

SECTRACK:1040754

URL:http://www.securitytracker.com/id/1040754