vBulletin 5.x 0day pre-auth RCE
Description
A critical pre-authentication remote code execution vulnerability exists in vBulletin versions 5.0.0 through 5.5.4. This zero-day vulnerability was publicly disclosed on the Full Disclosure mailing list on September 23, 2019, allowing unauthenticated attackers to execute arbitrary code on affected systems. The vulnerability requires no user interaction and can be exploited remotely over the network.
Remediation
Apply the following remediation steps immediately:
1. Upgrade vBulletin: Update to vBulletin version 5.5.5 or later, which addresses this vulnerability. Download the latest version from the official vBulletin website.
2. Verify Installation: After upgrading, confirm the version number in the administrator control panel to ensure the update was successful.
3. Review System Logs: Examine web server access logs and application logs for any suspicious activity or exploitation attempts that may have occurred prior to patching.
4. Temporary Mitigation: If immediate patching is not possible, consider implementing web application firewall (WAF) rules to block known exploit patterns or temporarily restricting access to the vBulletin installation until the upgrade can be completed.
5. Post-Upgrade Security Assessment: If evidence of compromise is found, perform a full security audit, reset all administrative credentials, and consider restoring from a known-good backup taken before the vulnerability disclosure date.