CVE-2024-24623

8.8 HIGH

📋 TL;DR

Softaculous Webuzo contains a command injection vulnerability in FTP management functionality that allows authenticated attackers to execute arbitrary commands on the system. This affects all Webuzo installations with FTP management enabled. Attackers can gain full control of the server.

💻 Affected Systems

Products:
  • Softaculous Webuzo
Versions: All versions prior to the fix
Operating Systems: Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the FTP management functionality to be enabled and an authenticated attacker.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data theft, ransomware deployment, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Web server compromise leading to website defacement, data exfiltration, and cryptocurrency mining malware installation.

🟢 If Mitigated

Limited impact if proper network segmentation, least privilege, and monitoring are in place, though system integrity may still be compromised.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires authenticated access but is straightforward to execute once credentials are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest version from Softaculous

Vendor Advisory: https://www.softaculous.com/board/index.php?topic=10727.0

Restart Required: No

Instructions:

1. Log into the Webuzo admin panel.
2. Navigate to the Updates section.
3. Apply the latest update.
4. Verify that the update completes successfully.

🔧 Temporary Workarounds

Disable FTP Management

Temporarily disable the FTP management functionality until patching is possible.

Restrict Admin Access

Limit admin panel access to specific IP addresses only. Replace TRUSTED_IP with your management address; the ACCEPT rule must be appended before the DROP rule, because iptables evaluates the INPUT chain in order:

iptables -A INPUT -p tcp --dport 2004 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 2004 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Webuzo instances
  • Enforce multi-factor authentication for all admin accounts

🔍 How to Verify

Check if Vulnerable:

Check the Webuzo version in the admin panel or via the command line: grep -i version /usr/local/webuzo/version.txt

Check Version:

cat /usr/local/webuzo/version.txt

Verify Fix Applied:

Verify that the version is updated, then test the FTP management functionality for command injection attempts.

📡 Detection & Monitoring

Log Indicators:

  • Unusual FTP management activity
  • Suspicious commands in Webuzo logs
  • Multiple failed authentication attempts

Network Indicators:

  • Unexpected outbound connections from Webuzo server
  • Traffic to known malicious IPs

SIEM Query:

source="webuzo_logs" AND (command="*;*" OR command="*|*" OR command="*`*")
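The SIEM query above looks for `;`, `|` and backticks in the command field. As an added example (not from this advisory or from Softaculous), the script below applies the same idea to request logs from the FTP management pages, and extends it to the other shell metacharacters (`&`, `$(`, newlines, redirection) that reach a shell by the same route. The log format and the `/ftp` path are constructed assumptions, not Webuzo's real log layout or endpoint.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Shell metacharacters that have no business in an FTP username, password or directory.
# The SIEM query matches ';', '|' and '`'; this check also catches '&', '$(', newlines
# and redirection, which reach a shell the same way once a value is interpolated into a command.
SHELL_META = re.compile(r"[;|`&\n\r<>]|\$\(")

# Only requests that touch FTP management are interesting (assumed path, not Webuzo's real one).
FTP_PATHS = ("/ftp",)


def scan_request(line: str) -> dict[str, str]:
    """Return {param: decoded_value} for every FTP-management parameter carrying shell metacharacters.

    Assumed (constructed) log format: '<timestamp> <client_ip> <method> <url>'.
    """
    try:
        _ts, _ip, _method, url = line.split(maxsplit=3)
    except ValueError:
        return {}  # malformed line: nothing to judge
    parts = urlsplit(url)
    if not parts.path.startswith(FTP_PATHS):
        return {}
    hits = {}
    # parse_qsl URL-decodes each value once, so %3B becomes ';' before the check.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SHELL_META.search(value):
            hits[name] = value
    return hits


def scan_log(lines) -> list[tuple[int, dict[str, str]]]:
    """Scan an iterable of log lines; return (line_number, hits) for each line that triggers."""
    findings = []
    for n, line in enumerate(lines, start=1):
        hits = scan_request(line)
        if hits:
            findings.append((n, hits))
    return findings


# Constructed sample lines: a normal FTP account creation, a URL-encoded ';' in a username,
# a '$(' inside a directory path, and an unrelated request that must not trigger.
SAMPLE_LOG = [
    "2024-02-01T10:00:00Z 198.51.100.7 POST /ftp?action=add&user=alice&dir=%2Fhome%2Falice",
    "2024-02-01T10:00:05Z 203.0.113.9 POST /ftp?action=add&user=bob%3Bid&dir=%2Fhome%2Fbob",
    "2024-02-01T10:00:09Z 203.0.113.9 POST /ftp?action=chdir&dir=%2Fhome%2F%24%28whoami%29",
    "2024-02-01T10:00:12Z 198.51.100.7 GET /index.php?act=updates",
]

if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG):
        print(f"line {n}: {hits}")
```

Expect a hit on the second and third sample lines only; a query field that matches on its own will also flag legitimate values, so review hits in context rather than blocking on them automatically.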
