September 21, 2023

A severe PHP deserialization vulnerability leading to code execution has been patched in Imunify360. 

Imunify360 is a security platform for web-hosting servers. It lets users configure real-time website protection and web server security features such as an advanced firewall, intrusion detection and prevention, antivirus and antimalware scanning, and automatic kernel patch updates, with web-host panel integration for managing it all.


Tracked as CVE-2021-21956 and issued a CVSSv3 score of 8.2, the security flaw is present in Cloud Linux’s Imunify360 versions 5.8 and 5.9.

The Ai-Bolit component is used to scan and check website-related files, such as .php, .js, or .html content, and is installed natively as a service with root privileges. A deobfuscation class in the module fails to sanitize submitted data, so arbitrary code execution is possible during unserialization.
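The bug class described above, as an added example that is not Ai-Bolit code and not the fix shipped by the vendor: unserializing a string taken from a scanned file lets the file choose which loaded class gets instantiated, while the `allowed_classes` option of PHP's `unserialize()` (PHP 7.0 and later) blocks that. The class `TempFileCleaner`, the functions `decodeUnsafe` and `decodeSafe`, and the sample string are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: all names are hypothetical, none of this is Ai-Bolit code.

// Stand-in for any loaded class with a magic method. The side effect here is
// only a log entry, so the implicit call during object teardown is visible.
final class TempFileCleaner
{
    public static $log = [];
    public $path = '';

    public function __destruct()
    {
        self::$log[] = "destructor ran with path={$this->path}";
    }
}

// Risky pattern: a string lifted out of the file being scanned is unserialized
// with every loaded class available for instantiation.
function decodeUnsafe(string $fromScannedFile)
{
    return unserialize($fromScannedFile);
}

// Hardened pattern: forbid object instantiation, then accept only the shape
// the caller needs (a flat array of scalars).
function decodeSafe(string $fromScannedFile): ?array
{
    $value = @unserialize($fromScannedFile, ['allowed_classes' => false]);
    if (!is_array($value)) {
        return null;
    }
    foreach ($value as $item) {
        if (!is_scalar($item)) { // also rejects __PHP_Incomplete_Class
            return null;
        }
    }
    return $value;
}

// Constructed sample: a serialized array holding one TempFileCleaner object.
$sample = 'a:1:{i:0;O:15:"TempFileCleaner":1:{s:4:"path";s:9:"/tmp/demo";}}';

$decoded = decodeUnsafe($sample);
unset($decoded); // releasing the array destroys the object and runs __destruct
var_dump(TempFileCleaner::$log);

TempFileCleaner::$log = [];
var_dump(decodeSafe($sample), TempFileCleaner::$log);
var_dump(decodeSafe('a:2:{i:0;s:3:"foo";i:1;i:42;}'));
```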

A specially crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability.

If Imunify360 is configured with real-time file system scanning, the attacker need only create a malicious file in the system, they noted. Alternatively, the attacker could provide a malicious file directly to the target, which would trigger an exploit when a user scans it with the Ai-Bolit scanner.


Users are encouraged to update the affected product as soon as possible: Cloud Linux Inc. Imunify360 versions 5.8 and 5.9 should be updated to version 6.1.

SNORT rules 58252 and 58253 will detect exploitation attempts against this vulnerability.
