CyberPanel RCE (CVE-2024-51567/CVE-2024-51568/CVE-2024-51378)
Description
CyberPanel versions prior to 2.3.7 contain multiple critical vulnerabilities that can be chained together to achieve unauthenticated remote code execution. The attack begins with an authentication bypass (CVE-2024-51567) that allows attackers to access administrative functionality without credentials. This bypass can then be leveraged to exploit command injection vulnerabilities (CVE-2024-51568, CVE-2024-51378) in the DNS and upgrade modules, enabling arbitrary code execution with root privileges on the underlying server.
Remediation
1. Immediately upgrade CyberPanel to version 2.3.7 or later, which addresses all three CVEs. Run the following command as root to upgrade:
sh