The CISA has warned about a critical vulnerability in CyberPanel tracked as CVE-2024-51378, is being actively exploited by attackers to deploy ransomware and added to the known exploited vulnerability catalog
The vulnerability tracked as CVE-2024-51378 with a CVSS score of 10.0, allows remote attackers to bypass authentication and execute arbitrary commands, effectively giving them complete control over the affected system. Attackers can craft malicious requests that exploit a weakness in the security middleware, allowing them to inject commands that are then executed on the server. This can be used to deploy ransomware, steal data, or take other malicious actions.
CISA urged all federal agencies to apply the latest CyberPanel updates by December 25, 2024.
