First published: Tue Apr 21 2020
An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Vestacp Vesta Control Panel | <=0.9.8-26 |
CVE-2020-10787 is a vulnerability in Vesta Control Panel through version 0.9.8-26 that allows an attacker to gain root system access from the admin account via the user password change script.
CVE-2020-10787 has a severity rating of 8.8 (critical).
An attacker can exploit CVE-2020-10787 by using the v-change-user-password script in Vesta Control Panel to gain root system access from the admin account.
Vesta Control Panel versions up to and including 0.9.8-26 are affected by CVE-2020-10787.
Yes, updating Vesta Control Panel to a version beyond 0.9.8-26 will fix the vulnerability.