SUBJECT: CVE-2022-36446 MiniServ 1.973 (Webmin 1.973) Vulnerability
TECH STACK: MiniServ 1.973 (Webmin 1.973)
DATE(S) ISSUED: 07/25/2022
CRITICALITY: HIGH
OVERVIEW:
CVE-2022-36446 is a critical vulnerability in MiniServ 1.973, which is a component of Webmin 1.973. This vulnerability allows an attacker to exploit an open port (39993) to gain unauthorized access and potentially execute arbitrary code. Exploiting this vulnerability can lead to a complete compromise of the affected system.
NIST Description: The vulnerability in MiniServ 1.973 of Webmin 1.973 allows attackers to exploit an open port (39993) to bypass authentication and gain unauthorized access. This issue can result in significant security breaches, including unauthorized data access and potential system takeover.
For more details, visit NVD.
THREAT INTELLIGENCE:
CISA has added CVE-2022-36446 to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation by threat actors. This vulnerability is a common attack vector for malicious cyber actors, posing a high risk to systems running the affected software.
For more information, visit CISA.
NIST NVD:
SOLUTION:
The patch for CVE-2022-36446 has been released and should be applied immediately to mitigate the risk. The update addresses the vulnerability in MiniServ 1.973 of Webmin 1.973.
Steps to Mitigate the Vulnerability:
Mitigation Measures:
REFERENCES: