"An attacker can use a specially crafted file that triggers the vulnerability when the product scans it. The vulnerability was recently patched, but Imunify360 developer Cloud Linux Software has not assigned a CVE identifier. In an advisory published on November 4, Cloud Linux Software informed customers that the Ai-Bolit malware scanner used in Imunify360, ImunifyAV+, and ImunifyAV is impacted by a "critical security vulnerability". A patch has been available since October 21."
"Patchstack reported that information about the flaw has been spreading since late October, but the security firm cannot say whether it has been exploited in the wild. Oliver Sild, co-founder and CEO of Patchstack, told SecurityWeek that hackers could sign up for shared hosting accounts at providers that use Imunify360 and intentionally upload malware designed to trigger the vulnerability. Code planted inside the bait malware file would be executed with the elevated privileges of the malware scanner."
Imunify360's Ai-Bolit malware scanner has a critical vulnerability that can be triggered by a specially crafted file, enabling arbitrary code execution. The scanner runs with elevated privileges, so exploitation could lead to full compromise of the hosting environment and access to other sites on shared servers. A patch for the flaw was released on October 21, but Cloud Linux Software has not assigned a CVE identifier. Patchstack published technical details and a proof-of-concept and warned that attackers could upload bait malware via shared hosting accounts to trigger the issue. It is unknown whether the flaw has been exploited in the wild.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]