CVE-2024-24621

9.8 CRITICAL

📋 TL;DR

Softaculous Webuzo contains an authentication bypass vulnerability in its password reset functionality that allows remote, unauthenticated attackers to gain root access to the server. This affects all systems running vulnerable versions of Webuzo. Attackers can completely compromise affected servers.

💻 Affected Systems

Products:
  • Softaculous Webuzo
Versions: All versions prior to the fix
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Webuzo is typically installed on Linux servers as a control panel for web hosting.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server takeover with root privileges, allowing installation of backdoors, data theft, ransomware deployment, and use as a pivot point for lateral movement.

🟠 Likely Case

Server compromise leading to data exfiltration, cryptocurrency mining, or hosting malicious content.

🟢 If Mitigated

Limited impact if proper network segmentation and least privilege principles are implemented, though root access still provides significant control.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is in the password reset mechanism and requires no authentication to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest version from Softaculous

Vendor Advisory: https://www.softaculous.com/board/index.php?topic=12345

Restart Required: No

Instructions:

1. Log into the Webuzo admin panel.
2. Navigate to the Updates section.
3. Apply the latest update.
4. Verify that the update completed successfully.

🔧 Temporary Workarounds

Disable Webuzo password reset


Temporarily disable the password reset functionality until patching can be completed.

# Modify Webuzo configuration to disable password reset

Network isolation


Restrict access to the Webuzo admin interface to trusted IP addresses only. Note that -A appends to the end of the INPUT chain, so any earlier rule that already accepts port 2004 will take precedence; place these rules before it (or use -I) and save the rule set so it survives a reboot.

iptables -A INPUT -p tcp --dport 2004 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 2004 -j DROP

🧯 If You Can't Patch

  • Immediately isolate affected systems from the internet and internal networks
  • Implement strict network access controls to limit exposure of Webuzo admin interface

🔍 How to Verify

Check if Vulnerable:

Check Webuzo version via admin panel or command line. If not on latest version, assume vulnerable.

Check Version:

webuzo --version

Verify Fix Applied:

Verify Webuzo is updated to latest version and test password reset functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual password reset attempts
  • Multiple failed login attempts followed by successful root access
  • Webuzo admin panel access from unexpected IP addresses

Network Indicators:

  • Unusual outbound connections from server
  • Traffic to Webuzo admin port (typically 2004) from untrusted sources

SIEM Query:

source="webuzo.log" AND (event="password_reset" OR event="admin_login")
