CVE-2017-18410: Backup Archive Vulnerability in cPanel Exposing All MySQL Databases


Description Preview

In cPanel versions prior to 67.9999.103, there exists a security vulnerability (SEC-284) where a user account's backup archive could inadvertently contain all MySQL databases on the server, not just the databases owned by that user. This improper input validation vulnerability (CWE-20) could potentially allow unauthorized access to sensitive data from other user accounts on the same server.

Overview

This vulnerability affects cPanel installations before version 67.9999.103. The issue occurs during the backup process where cPanel incorrectly includes all MySQL databases from the server in a user's backup archive instead of limiting the backup to only databases owned by that specific user. This security flaw could lead to information disclosure, as users could potentially access data they should not have permission to view. The vulnerability is tracked as SEC-284 internally by cPanel and has been categorized as CWE-20 (Improper Input Validation).

Remediation

To address this vulnerability, system administrators should:

  1. Update cPanel to version 67.9999.103 or later as soon as possible
  2. Audit any backup archives created prior to the update for potential data leakage
  3. Consider notifying users if there's evidence that unauthorized database access occurred
  4. Review backup permissions and configurations after updating to ensure they're properly restricted
  5. Implement additional access controls for backup archives as an extra security measure
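
One way to approach step 2, as an added example (not cPanel code and not from the advisory): list the database dumps inside an account backup archive and flag any that the account does not own. It assumes dumps are stored as `mysql/<database>.sql` inside the tarball and that the administrator supplies the set of databases the account legitimately owns; the function names and the sample archive are constructed for illustration.

```python
import io
import tarfile
from pathlib import PurePosixPath


def dumped_databases(archive):
    """Return the database names that have a mysql/<name>.sql dump in the archive."""
    names = set()
    with tarfile.open(fileobj=archive, mode="r:*") as tar:
        for member in tar:
            parts = PurePosixPath(member.name).parts
            # Assumed layout: [<top-level dir>/]mysql/<database>.sql
            if (member.isfile() and len(parts) >= 2
                    and parts[-2] == "mysql" and parts[-1].endswith(".sql")):
                names.add(parts[-1][:-len(".sql")])
    return names


def foreign_databases(archive, owned):
    """Databases dumped into the archive that are not in the owner's set."""
    return sorted(dumped_databases(archive) - set(owned))


def build_sample_archive(db_names, top="backup-sample_alice"):
    """Build an in-memory .tar.gz with constructed dumps (test data only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in db_names:
            data = b"-- constructed sample dump\n"
            info = tarfile.TarInfo(f"{top}/mysql/{name}.sql")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed case: alice's backup also contains two other accounts' databases.
    sample = build_sample_archive(["alice_wp", "alice_shop", "bob_crm", "carol_blog"])
    leaked = foreign_databases(sample, owned={"alice_wp", "alice_shop"})
    if leaked:
        print("Archive contains databases not owned by the account:", ", ".join(leaked))
    else:
        print("Archive contains only the account's own databases.")
```

Any archive that reports foreign databases is a candidate for the notification decision in step 3 and should be restricted or destroyed according to local retention policy.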

References

  1. cPanel Technical Security Release: https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/
  2. cPanel 68 Change Log: https://documentation.cpanel.net/display/CL/68+Change+Log
  3. CWE-20 (Improper Input Validation): https://cwe.mitre.org/data/definitions/20.html

Industry Exposure (most to least)
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services
  2. Administrative, Support, Waste Management & Remediation Services
  3. Agriculture, Forestry Fishing & Hunting
  4. Arts, Entertainment & Recreation
  5. Construction
  6. Educational Services
  7. Finance and Insurance
  8. Health Care & Social Assistance
  9. Information
  10. Management of Companies & Enterprises
  11. Manufacturing
  12. Mining
  13. Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services
  15. Public Administration
  16. Real Estate Rental & Leasing
  17. Retail Trade
  18. Transportation & Warehousing
  19. Utilities
  20. Wholesale Trade

Armis Vulnerability Intelligence Database