Parallels Plesk 11.0.9 CGI Wrapper /usr/sbin/suexec code injection
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.7 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in Parallels Plesk 11.0.9. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/suexec of the component CGI Wrapper. This manipulation causes code injection. This vulnerability is tracked as CVE-2013-0132. No exploit exists. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability has been found in Parallels Plesk 11.0.9 (Hosting Control Software) and classified as problematic. Affected by this vulnerability is some unknown functionality of the file /usr/sbin/suexec of the component CGI Wrapper. The manipulation with an unknown input leads to a code injection vulnerability. The CWE definition for the vulnerability is CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables.
The weakness was disclosed 04/10/2013 by Ronald Volgers (DiGiT) with Pine Digital Security as 115942 as not defined advisory (Website). The advisory is shared at kb.parallels.com. The public release has been coordinated in cooperation with Parallels. This vulnerability is known as CVE-2013-0132 since 12/06/2012. An attack has to be approached locally. The exploitation doesn't need any form of authentication. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1059 for this issue.
The commercial vulnerability scanner Qualys is able to test this issue with plugin 12669 (Plesk Panel Privilege Escalation Vulnerabilities).
Applying a patch is able to eliminate this problem. It is possible to mitigate the problem by applying the configuration setting Disable mod_php/mod_python/mod_perl. The best possible mitigation is suggested to be patching the affected component. A possible mitigation has been published 2 days after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (83378), SecurityFocus (BID 59020†), OSVDB (92314†), Secunia (SA52998†) and Vulnerability Center (SBV-39291†). Additional details are provided at kb.cert.org. The entry VDB-8438 is pretty similar. If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.parallels.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.7
VulDB Base Score: 5.9
VulDB Temp Score: 5.7
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Code injectionCWE: CWE-94 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Config: Disable mod_php/mod_python/mod_perl
Timeline
12/06/2012 🔍04/10/2013 🔍
04/10/2013 🔍
04/10/2013 🔍
04/12/2013 🔍
04/15/2013 🔍
04/18/2013 🔍
04/19/2013 🔍
04/22/2013 🔍
08/13/2024 🔍
Sources
Vendor: parallels.comAdvisory: 115942
Researcher: Ronald Volgers (DiGiT)
Organization: Pine Digital Security
Status: Not defined
Coordinated: 🔍
CVE: CVE-2013-0132 (🔍)
GCVE (CVE): GCVE-0-2013-0132
GCVE (VulDB): GCVE-100-8437
CERT: 🔍
X-Force: 83378
SecurityFocus: 59020 - Parallels Plesk Panel '/usr/sbin/suexec' Local Security Bypass Vulnerability
Secunia: 52998 - Parallels Plesk Panel Privilege Escalation Vulnerabilities, Less Critical
OSVDB: 92314
Vulnerability Center: 39291 - Parallels Plesk Panel 11.0.9 suexec Implementation Allows Remote PHP Code Execution via a Crafted Request, Medium
Misc.: 🔍
See also: 🔍
Entry
Created: 04/19/2013 10:48Updated: 08/13/2024 01:02
Changes: 04/19/2013 10:48 (70), 04/28/2017 08:54 (10), 08/13/2024 01:02 (17)
Complete: 🔍
Cache ID: 216:61F:103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.