Overview
Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms are vulnerable to remote code execution.
Description
Parallels Plesk Panel versions 9.0 - 9.2.3 on Linux platforms may be exploited by a combination of CVE-2012-1823 and the Plesk phppath script alias usage. There have been reports that this vulnerability is being exploited in the wild.
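As an added example (not part of this vulnerability note), the following Python detection logic runs over constructed Apache combined-format access-log lines and flags the combination described above: a request that reaches the /phppath/ script alias and carries a query string that php-cgi would treat as command-line options. The log lines, client addresses and the finding labels are constructed for illustration; the /phppath/ prefix comes from the note, and the "no literal '=' in the query string" rule is the CGI argument-passing behaviour that CVE-2012-1823 abuses.

```python
import re
from urllib.parse import urlsplit, unquote

# Apache combined log format: client, timestamp, method, request-target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def classify_request(target):
    """Label one request-target, or return None if it does not touch /phppath/.

    A CGI server passes the query string to the script as argv only when the
    raw query contains no literal '='; php-cgi then parses those words as its
    own options, so a decoded query beginning with '-' is the CVE-2012-1823
    signature.  Any request to the phppath alias is still worth recording.
    """
    parts = urlsplit(target)
    if not unquote(parts.path).startswith("/phppath/"):
        return None
    if "=" not in parts.query and unquote(parts.query).startswith("-"):
        return "phppath-option-injection"   # high confidence
    return "phppath-access"                 # alias reachable from the network

def scan_log(log_text):
    """Parse combined-format lines; return (client, target, label) per finding."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue                         # malformed line, skip
        label = classify_request(m.group("target"))
        if label:
            findings.append((m.group("ip"), m.group("target"), label))
    return findings

# Constructed sample log (RFC 5737 documentation addresses); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [05/Jun/2013:10:01:12 +0000] "GET /phppath/php?-h HTTP/1.1" 200 512 "-" "curl/7.29"
198.51.100.7 - - [05/Jun/2013:10:02:40 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [05/Jun/2013:10:03:01 +0000] "POST /phppath/php?%2dh HTTP/1.1" 200 128 "-" "python-requests/1.2"
192.0.2.9 - - [05/Jun/2013:10:04:22 +0000] "GET /phppath/php HTTP/1.1" 404 300 "-" "Mozilla/5.0"
192.0.2.9 - - [05/Jun/2013:10:05:03 +0000] "GET /phppath/php?a=1 HTTP/1.1" 200 90 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for client, target, label in scan_log(SAMPLE_LOG):
        print(f"{label:26} {client:15} {target}")
```

The percent-encoded form on the third sample line is decoded before the check, so an encoded leading hyphen is still classified as option injection.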
Impact
A remote unauthenticated attacker may be able to run arbitrary code under the context of the web server user.
Solution
Apply an Update
Parallels Plesk Panel versions 9.0 - 9.2.3 have been considered end-of-life software for over 3 years. Users should upgrade to version 9.5.4 or later. Parallels will provide additional workaround mitigations in Knowledge Base article 116241 soon.
Update PHP
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Temporal | 6.5 | E:H/RL:OF/RC:C |
Environmental | 4.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
References
- http://kb.parallels.com/116241
- http://kb.parallels.com/en/113818
- http://www.parallels.com/products/plesk/lifecycle
- http://seclists.org/fulldisclosure/2013/Jun/21
- http://blogs.cisco.com/security/plesk-0-day-targets-web-servers/
- http://kb.parallels.com/en/113814
- http://www.php.net/archive/2012.php#id2012-05-03-1
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1823
Acknowledgements
Kingcope published an exploit for this vulnerability to the Full Disclosure mailing list.
This document was written by Jared Allar.
Other Information
CVE IDs: CVE-2012-1823
Date Public: 2013-06-05
Date First Published: 2013-06-07
Date Last Updated: 2013-06-07 16:19 UTC
Document Revision: 16