Webmin .cgi File Upload Arbitrary Command Execution Vulnerability



A vulnerability in the /updown/upload.cgi URI of Webmin could allow an unauthenticated, local attacker to execute arbitrary code on a targeted system.

The vulnerability is due to the /updown/upload.cgi URI of Webmin leveraging the Java file manager and Upload and Download privileges of Webmin. An attacker could exploit this vulnerability by using these privileges to upload a crafted .cgi file to the affected software. A successful exploit could allow the attacker to execute arbitrary code on the targeted system.

Functional exploit code for this vulnerability is publicly available.

Webmin has not confirmed this vulnerability and software updates are unavailable.
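
With no update available, access-log review is one way to watch the URI named above. The following detection sketch is an added example, not part of the original alert or of Webmin: it flags POST requests to /updown/upload.cgi and any .cgi path first requested by the same client shortly afterwards. The Common Log Format layout, the 10-minute window, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

UPLOAD_URI = "/updown/upload.cgi"   # URI named in the advisory
WINDOW = timedelta(minutes=10)      # assumed correlation window

# Assumption: the server writes Common Log Format lines; adjust for your setup.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation addresses, invented paths and users).
SAMPLE_LOG = """\
192.0.2.10 - admin [12/Mar/2019:10:00:01 +0000] "GET /sysinfo.cgi HTTP/1.1" 200 5120
198.51.100.7 - operator [12/Mar/2019:10:05:12 +0000] "POST /updown/upload.cgi?id=1 HTTP/1.1" 200 812
198.51.100.7 - operator [12/Mar/2019:10:05:40 +0000] "GET /example-new.cgi HTTP/1.1" 200 64
192.0.2.10 - admin [12/Mar/2019:10:06:00 +0000] "GET /sysinfo.cgi HTTP/1.1" 200 5120
198.51.100.7 - operator [12/Mar/2019:11:30:00 +0000] "GET /sysinfo.cgi HTTP/1.1" 200 5120
"""

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["path"].split("?", 1)[0]   # drop the query string
    return rec

def find_suspicious(log_text):
    """Return (kind, ip, user, path) tuples for lines worth reviewing."""
    seen_cgi = set()   # .cgi paths already requested earlier in the log
    uploads = {}       # client ip -> time of its most recent upload POST
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue   # skip lines that do not match the assumed format
        ip, path, ts = rec["ip"], rec["path"], rec["ts"]
        if rec["method"] == "POST" and path == UPLOAD_URI:
            uploads[ip] = ts
            alerts.append(("upload", ip, rec["user"], path))
        elif path.endswith(".cgi"):
            if path not in seen_cgi and ip in uploads and ts - uploads[ip] <= WINDOW:
                alerts.append(("new_cgi_after_upload", ip, rec["user"], path))
            seen_cgi.add(path)
    return alerts
```

Run `find_suspicious()` over the full log text in chronological order; the first-seen heuristic depends on earlier lines establishing which .cgi paths are normal for the host.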

Security Impact Rating: High

CVE: CVE-2019-9624

Source: Cisco Multivendor Vulnerability Alerts