Summary: A critical vulnerability (CVE-2024-45692) in Webmin and Virtualmin control panels could enable devastating Denial-of-Service (DoS) attacks, urging system administrators to act swiftly. The vulnerability exploits the UDP service discovery mechanism, potentially overwhelming servers and rendering them inaccessible.
Threat Actor: Malicious actors | malicious actors
Victim: System administrators and web hosting providers | system administrators and web hosting providers
Key Point :
- The vulnerability affects Webmin versions prior to 2.202 and Virtualmin versions prior to 7.20.2.
- Attackers can exploit the UDP service discovery mechanism to create a “Loop DoS” attack, overwhelming servers with traffic.
- Immediate mitigation involves upgrading to the latest versions or blocking UDP port 10000 from external access.
- The potential impact includes severe service disruption and significant financial losses.
System administrators and web hosting providers relying on the popular Webmin and Virtualmin control panels are urged to take immediate action following the disclosure of a critical vulnerability (CVE-2024-45692) that could lead to devastating Denial-of-Service (DoS) attacks. The vulnerability, tracked as CVE-2024-2169, affects versions of Webmin prior to 2.202 and Virtualmin prior to 7.20.2.
At the heart of the issue lies Webmin/Virtualmin’s UDP service discovery mechanism, typically operating on port 10000. This service responds to any incoming UDP request by revealing the IP address and port where the control panel is accessible. While seemingly benign, this behavior can be exploited by malicious actors to trigger a “Loop DoS” attack.
In a Loop DoS attack, an attacker crafts UDP packets with spoofed source IP addresses and ports, mimicking the addresses of other Webmin instances. When these packets hit a vulnerable Webmin/Virtualmin server, it responds with its own IP and port information. However, because the source addresses are spoofed, the response is sent back to another unsuspecting Webmin server, creating an endless loop of traffic between the two.
This self-sustaining loop can quickly overwhelm the affected servers, consuming their network bandwidth and computational resources, ultimately rendering them inaccessible to legitimate users. The attack can also be amplified by involving multiple Webmin instances, further escalating the impact.
The simplest and most effective way to mitigate this vulnerability is to upgrade to the latest versions of Webmin (2.202) and Virtualmin (7.20.2), which include a fix for the issue. If upgrading is not immediately possible, administrators can temporarily block access to UDP port 10000 from the internet as a workaround.
Given the widespread use of Webmin and Virtualmin and the relative ease of exploiting this vulnerability, it is crucial for administrators to take immediate action. The potential consequences of a successful Loop DoS attack can be severe, disrupting critical services and causing significant financial losses.
Related Posts:
Source: https://securityonline.info/webmin-virtualmin-vulnerability-opens-door-to-loop-dos-attacks