CVE-2024-36451

8.8 HIGH

📋 TL;DR

This vulnerability in Webmin's ajaxterm module allows unauthorized users to hijack console sessions because insufficient permissions are improperly handled. It affects Webmin versions prior to 2.003 and can expose system data, allow webpage alteration, or cause server shutdowns.

💻 Affected Systems

Products:
  • Webmin
Versions: Versions prior to 2.003
Operating Systems: All platforms running Webmin
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the ajaxterm module specifically; Webmin installations with this module enabled are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through session hijacking, leading to data theft, website defacement, or permanent server shutdown.

🟠 Likely Case

Unauthorized access to console sessions, resulting in data exposure or limited system manipulation.

🟢 If Mitigated

Minimal impact if proper access controls and network segmentation are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access but leverages improper permission handling.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.003

Vendor Advisory: https://webmin.com/

Restart Required: Yes

Instructions:

1. Back up your Webmin configuration.
2. Update Webmin to version 2.003 or later using the built-in update mechanism or package manager.
3. Restart the Webmin service.

🔧 Temporary Workarounds

Disable ajaxterm module

Platform: linux

Temporarily disable the vulnerable ajaxterm module to prevent exploitation.

webmin-config --disable ajaxterm

Restrict network access

Platform: all

Limit Webmin access to trusted IP addresses only.

Configure firewall rules to restrict access to the Webmin port (default 10000).

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Webmin servers
  • Enforce strong authentication and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check the Webmin version via the web interface or with the command: cat /etc/webmin/version

Check Version:

cat /etc/webmin/version

Verify Fix Applied:

Verify that the version is 2.003 or higher and that the ajaxterm module is either updated or disabled.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to ajaxterm endpoints in Webmin logs
  • Unexpected console session creations

Network Indicators:

  • Unusual traffic patterns to Webmin's ajaxterm port

SIEM Query:

source="webmin.log" AND (ajaxterm OR session_hijack)
