CVE-2019-12840 – Webmin/Webmin – OS command injection vulnerability

CVE-2019-12840 is an OS command injection vulnerability impacting Webmin versions 1.910 and earlier. A Metasploit module for it has been observed in open source. A security researcher later disclosed a new method that bypasses the patch that was issued for this vulnerability in July 2019.

PoC Links (if available):

Exploit DB Metasploit module –
https://www.exploit-db.com/exploits/46984

Known Counter Measures:

The vendor first addressed the vulnerability in Webmin version 1.920, which was released in July 2019. However, the 2019 patch release was reported to be ineffective, which resulted in CVE-2020-35606.

Links to patches (if available):

https://www.webmin.com/download.html