CVE-2017-18390 : What You Need to Know

A vulnerability in cPanel versions prior to 68.0.15 can result in arbitrary code execution in the root account due to inadequate permissions on incremental backups.

Understanding CVE-2017-18390

This CVE identifies a security issue in cPanel software that could allow an attacker to execute arbitrary code in the root account.

What is CVE-2017-18390?

cPanel versions before 68.0.15 are susceptible to a vulnerability (SEC-322) that permits unauthorized code execution in the root account due to insufficient permissions on incremental backups.

The Impact of CVE-2017-18390

The vulnerability poses a significant risk as it could lead to unauthorized access and potential compromise of the root account, allowing attackers to execute malicious code.

Technical Details of CVE-2017-18390

This section provides more in-depth technical information about the CVE.

Vulnerability Description

The weakness in cPanel before version 68.0.15 allows attackers to execute code within the root account due to weak permissions on incremental backups.

Affected Systems and Versions

Affected Product: cPanel
Vulnerable Versions: Prior to 68.0.15

Exploitation Mechanism

Attackers can exploit this vulnerability by leveraging the inadequate permissions on incremental backups to execute arbitrary code in the root account.

Mitigation and Prevention

Protecting systems from CVE-2017-18390 requires immediate action and long-term security measures.

Immediate Steps to Take

Update cPanel to version 68.0.15 or later to mitigate the vulnerability.
Review and adjust permissions on incremental backups to restrict unauthorized access.

Long-Term Security Practices

Regularly monitor and audit permissions and access controls within cPanel.
Implement strong password policies and multi-factor authentication to enhance security.

Patching and Updates

Stay informed about security updates for cPanel and promptly apply patches to address known vulnerabilities.