[German]A few days ago, security researchers from Palo Alto Networks pointed out that three OpenLiteSpeed security vulnerabilities threaten the security of the web servers in question. The OpenLiteSpeed web servers are among the sixth most popular web servers in the world.
Analysis using Palo Alto's Cortex Xpanse uand a query of Shodan by Palo Alto Network revealed that LiteSpeed serves about two percent of all web server applications worldwide. Sounds small, but there are nearly 1.9 million individual servers worldwide based on this software. This shows the huge impact these vulnerabilities could have.
By exploiting the vulnerabilities, attackers could compromise the web server and achieve fully privileged remote code execution. The three vulnerabilities:
- Remote Code Execution (CVE-2022-0073), rated with high severity (CVSS 8.8): An attacker who managed to obtain the dashboard credentials could exploit the vulnerability to execute code on the server.
- Privilege Escalation (CVE-2022-0074), rated with high severity (CVSS 8.8): A misconfiguration in the PATH environment variable could be exploited for privilege escalation.
- Directory Traversal (CVE-2022-0072), rated with medium severity (CVSS 5.8): Exploitation of this vulnerability allows attackers to access any file in the web root directory.
LiteSpeed Technologies has been notified of the vulnerabilities by Palo Alto Networks and has fixed the issues from their end. Enterprises using OpenLiteSpeed versions 1.5.11 through 1.7.16 and LiteSpeed versions 5.4.6 through 6.0.11 are advised to urgently update their software to the latest version – v18.104.22.168 and 6.0.12. Palo Alto Networks has published more information about these vulnerabilities in this blog post.
Cookies helps to fund this blog: Cookie settings