CVE-2024-45692

7.5 HIGH

📋 TL;DR

This vulnerability allows attackers to create a network traffic loop via spoofed UDP packets on port 10000, causing denial of service. It affects Webmin and Virtualmin installations before specific versions. Systems with these services exposed to untrusted networks are at risk.

💻 Affected Systems

Products:
  • Webmin
  • Virtualmin
Versions: Webmin before 2.202, Virtualmin before 7.20.2
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with Webmin/Virtualmin service running and UDP port 10000 accessible.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for the Webmin/Virtualmin service and potentially network exhaustion affecting other services on the same host or network segment.

🟠 Likely Case

Service disruption for Webmin/Virtualmin management interface, preventing administrative access.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls are in place to restrict UDP traffic to port 10000.

🌐 Internet-Facing: HIGH - Any Webmin/Virtualmin instance exposed to the internet on port 10000/UDP is vulnerable to DoS attacks from any source.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this to cause service disruption.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted UDP packets to port 10000. The technique is documented in the Loop DoS research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Webmin 2.202, Virtualmin 7.20.2

Vendor Advisory: https://webmin.com

Restart Required: Yes

Instructions:

1. Update Webmin: sudo apt update && sudo apt upgrade webmin
2. Update Virtualmin: Use Virtualmin's built-in update system or package manager
3. Restart Webmin service: sudo systemctl restart webmin

🔧 Temporary Workarounds

Block UDP traffic on port 10000

linux

Prevent UDP packets from reaching the vulnerable service using firewall rules

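# One terminating rule is enough: DROP ends rule processing, so a REJECT rule
# appended after it would never match. DROP also sends no ICMP error back to a
# spoofed source address.
sudo iptables -A INPUT -p udp --dport 10000 -j DROP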

Restrict access to trusted networks

linux

Limit Webmin/Virtualmin access to specific IP addresses or networks

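# TRUSTED_IP is a placeholder for the management address or CIDR range.
# These rules cover the TCP management interface only; the UDP rule above is what blocks the loop traffic.
sudo iptables -A INPUT -p tcp --dport 10000 -s TRUSTED_IP -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 10000 -j DROP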

🧯 If You Can't Patch

  • Implement strict firewall rules to block all UDP traffic to port 10000 from untrusted sources
  • Consider moving Webmin/Virtualmin to an internal network segment with restricted access

🔍 How to Verify

Check if Vulnerable:

Check Webmin version: cat /etc/webmin/version
Check Virtualmin version: virtualmin version

Check Version:

webmin --version 2>/dev/null || cat /etc/webmin/version

Verify Fix Applied:

Verify version is Webmin >= 2.202 or Virtualmin >= 7.20.2
Test UDP connectivity to port 10000 is blocked or properly handled
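
Added example (not part of the original page or of Webmin itself): a shell triage helper that combines the two conditions stated above, a Webmin version below 2.202 and a UDP socket bound to port 10000. The function names and the three status strings are hypothetical; it reads `ss -H -uln` output on stdin and covers the Webmin version check only, not Virtualmin.

```shell
#!/bin/sh
# Triage helper for CVE-2024-45692 (added example, hypothetical names).
FIXED_WEBMIN="2.202"   # first fixed Webmin release according to this page

# version_ge A B: succeed when dotted version A >= B, compared component by component.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# udp_10000_bound: read `ss -H -uln` output on stdin; succeed when any local
# address (4th column) ends in :10000, e.g. 0.0.0.0:10000 or [::]:10000.
udp_10000_bound() {
    awk '$4 ~ /:10000$/ { found = 1 } END { exit (found ? 0 : 1) }'
}

# assess VERSION: print one status word for the host.
#   patched                - version is at or above the fixed release
#   vulnerable-exposed     - old version and a UDP socket is bound to port 10000
#   vulnerable-udp-closed  - old version, but nothing is bound to UDP 10000
assess() {
    # Consume stdin first so the producer side of the pipe always finishes.
    if udp_10000_bound; then bound=yes; else bound=no; fi
    if version_ge "$1" "$FIXED_WEBMIN"; then
        echo "patched"
    elif [ "$bound" = yes ]; then
        echo "vulnerable-exposed"
    else
        echo "vulnerable-udp-closed"
    fi
}

# Run against the local host only when Webmin and ss are actually present.
if [ -r /etc/webmin/version ] && command -v ss >/dev/null 2>&1; then
    ss -H -uln | assess "$(cat /etc/webmin/version)"
fi
```

A `vulnerable-udp-closed` result only describes local sockets; whether port 10000/UDP is reachable from untrusted networks still depends on the firewall rules in front of the host.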

📡 Detection & Monitoring

Log Indicators:

  • Unusual UDP traffic spikes on port 10000 in firewall logs
  • Webmin service restart/crash logs

Network Indicators:

  • High volume of UDP packets to port 10000 from multiple sources
  • Network performance degradation

SIEM Query:

source_port:10000 AND protocol:UDP AND (packet_count > 1000 OR bytes > 1000000)
