Flaw in Imunify360 Exposes Linux Web Servers to Code Execution and Takeover

Researchers reveal that a high-severity security flaw in CloudLinux’s Imunify360 cybersecurity technology might lead to arbitrary code execution and web-server takeover. Imunify360, a security platform for Linux-based web servers, allows users to customize a variety of settings for real-time site protection and server security. It includes a powerful firewall, intrusion detection and prevention, antivirus and antimalware scanning, automated kernel patch updates, and management through a web-hosting panel.

The flaw (CVE-2021-21956), according to Cisco Talos researchers, is found in Imunify360's Ai-Bolit scanning feature, which allows web admins and site managers to search for malware code, vulnerabilities, and viruses. The flaw might result in a deserialization condition with attacker-controlled data, allowing an attacker to run arbitrary code.

According to a blog post published by CloudLinux Inc on Monday, the Ai-Bolit capability of CloudLinux Inc Imunify360 5.8 and 5.9 has a PHP unserialize vulnerability. The Ai-Bolit scanner is deployed as a service by default and runs with root privileges, giving a successful attacker complete control.
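To show why calling PHP's unserialize() on data someone else controls is dangerous, here is an added example that is not Ai-Bolit or CloudLinux code and illustrates only the general bug class. The class name CacheEntry, the helper functions and the sample bytes are hypothetical and constructed for the demonstration; it assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in class, NOT Ai-Bolit code. Its magic method only
// records that it ran, so the effect of deserialization is observable.
final class CacheEntry
{
    public string $label = '';
    public static array $log = [];

    // PHP calls __wakeup() automatically while unserialize() rebuilds the object.
    public function __wakeup(): void
    {
        self::$log[] = "__wakeup ran for label '{$this->label}'";
    }
}

// Constructed sample: bytes as they might be read from a file being scanned.
$fromFile = 'O:10:"CacheEntry":1:{s:5:"label";s:6:"sample";}';

// Weak form: whoever wrote the file chooses the class to instantiate, and
// that class's magic methods run inside the scanning process.
function loadUnsafe(string $bytes): mixed
{
    return unserialize($bytes);
}

// Hardened form: refuse to instantiate any class. Objects in the input come
// back as inert __PHP_Incomplete_Class values and no magic method is called.
function loadHardened(string $bytes): mixed
{
    return unserialize($bytes, ['allowed_classes' => false]);
}

$a = loadUnsafe($fromFile);
printf("unsafe:   %s, magic calls so far: %d\n", get_class($a), count(CacheEntry::$log));

$b = loadHardened($fromFile);
printf("hardened: %s, magic calls so far: %d\n", get_class($b), count(CacheEntry::$log));
```

Where the stored data is plain values, a format with no object support, such as JSON, removes this class of bug entirely.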

According to Cisco Talos’ investigation, a specially crafted, malformed file can lead to the execution of arbitrary commands. An attacker can exploit this weakness by sending a malicious file.

Researchers say that there are a few ways for an attacker to carry out an exploit in the real world. For example, they pointed out that if Imunify360 is configured with real-time file system scanning, an attacker simply has to create a malicious file on the system. Alternatively, the attacker may send the target a malicious file, which triggers the exploit when it is scanned with the Ai-Bolit scanner.

To avoid successful attacks, those using Imunify360 to defend their Linux web servers should upgrade to the newest version of the platform, which includes a patch.

About the author

CIM Team
