CyberPanel v2.3.6 pre-auth RCE
Hello everyone,
We recently got information from LeakIX's NetworkGuardian about CyberPanel RCE exploits; please check below and make sure you update to the latest version:
Issue description
The following CyberPanel administration interface is publicly accessible and looks out-dated:
It is critical to update to a safe version as soon as possible, since multiple CVEs allow remote attackers to achieve RCE (remote code execution) on the firewall. Those vulnerabilities are currently used in a ransomware campaign and could damage your network.
Make sure you are running branch 2.3.7.
Reference:
- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
- https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515
Summary:
Found vulnerable CyberPanel instance
Affected by EXT-2024-003
Comments
I really want to like CyberPanel and when it's working, it's working ok, but there are a lot of minor things which make the experience super off as a user.
I opened Issues and suggested PRs for fixes and improvements, but a lot of the time Issues and PRs are just ignored. The cloudAPI responses are inconsistent, and even though I suggested patches, none of it was ever integrated. Docs are also outdated, with lots of invalid links. Just 3 days ago I re-installed CyberPanel after almost 10 months and the API was no longer working - I kept getting Unauthorized. Had to comb through the code to realize that the API token generation was switched from Base64 to SHA-256 with no documentation, and the existing examples were straight up wrong.
CyberPanel can be better but I think they need to take some steps to make everything look more "professional" e.g. move to a GitHub org, hire someone to fix typos and grammar, improve some of the routing and buttons and so on. Open Source is awesome but it's not helpful if one doesn't use it properly.
Other panels like HestiaCP or my current favorite Coolify are pretty responsive, on the other hand.
CyberPanel is still great thanks to the LiteSpeed backing but everything else is a bit meh.
Anyone else with more CyberPanel experience who could offer insights?
To be honest I never personally tried CyberPanel, will look into it when I have time, but it looks like many of our clients use it.
Lol. If anyone with a little bit of decent Python knowledge looks at that codebase they will realize it's a dumpster fire of security issues.
Unless LiteSpeed is a specific need, I find it difficult to recommend. Your time would probably be better spent on another panel like Coolify.
Yes I'm aware but credit where credit is due that CyberPanel still has its niche despite the flaws. The code definitely has a lot to be desired but when I used it a year or so back, talking pure WordPress functionality, it was decent. The benefit of OpenSource is that anyone who does find more security issues can open PRs for them 😄.
I have found something interesting. I haven't touched any Python for a long while. If I set the executable bit for a Python file without any env info in the header about where Python is, it actually takes a screenshot for each import and saves that file with the imported module's name. Can anyone with more knowledge shine some light?
[soc@localhost]$ ./cyberpanel.py https://1.2.3.4
import: unable to grab mouse `': No such file or directory @ error/xwindow.c/XSelectWindow/9234.
import: unable to grab mouse `': No such file or directory @ error/xwindow.c/XSelectWindow/9234.
./cyberpanel.py: line 4: syntax error near unexpected token `('
./cyberpanel.py: line 4: `def get_CSRF_token(client):'
After executing the above exploit I was like, what the duck!
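What happened in the post above, as an added example that is not part of the thread or of the PoC: `./cyberpanel.py` has no `#!` line, so the kernel's execve() fails with ENOEXEC and bash falls back to interpreting the file as a shell script. Each Python `import` line at the top of the file then runs a command named `import`, which on systems with ImageMagick installed is its X11 screenshot tool (hence the "unable to grab mouse" errors and the image files named after the modules), and `def get_CSRF_token(client):` on line 4 is a shell syntax error. The bash script below (hypothetical function names, sample files constructed in the demo) inspects a file's header and reports how `./file` would be executed, which is the check worth running before executing any downloaded PoC; invoking `python3 cyberpanel.py ...` explicitly avoids the fallback altogether.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread or from CyberPanel. Names are hypothetical.

# Print how "./file" would be executed, based only on the file header:
#   shebang:<interpreter>  the kernel execs the interpreter named after "#!"
#   elf                    a native ELF binary
#   shell-fallback         neither: execve() returns ENOEXEC and the calling
#                          shell (bash) runs the file as a shell script, which
#                          is how a Python "import" line ends up running a
#                          command called "import" (ImageMagick's screenshot tool)
exec_mode() {
  local f="$1" hex interp
  # First four bytes as hex, e.g. "2321..." for "#!" or "7f454c46" for ELF
  hex=$(head -c 4 -- "$f" | od -An -tx1 | tr -d ' \n')
  case "$hex" in
    2321*)
      # "#!" present: drop the marker and surrounding whitespace from line 1
      interp=$(head -n 1 -- "$f" | sed 's/^#![[:space:]]*//; s/[[:space:]]*$//')
      printf 'shebang:%s\n' "$interp"
      ;;
    7f454c46)
      echo elf
      ;;
    *)
      echo shell-fallback
      ;;
  esac
}

# Return 0 if the file can safely be started with "./", 1 if bash would run it
# as a shell script (message on stderr).
check_before_run() {
  local f="$1" mode
  mode=$(exec_mode "$f")
  case "$mode" in
    shell-fallback)
      echo "refusing to run $f with ./: no #! line, bash would interpret it as a shell script" >&2
      return 1
      ;;
    *)
      return 0
      ;;
  esac
}

# Demo with constructed files: a Python PoC without a shebang (like the one in
# the post) next to the same file with "#!/usr/bin/env python3" prepended.
demo() {
  local broken fixed
  broken=$(mktemp) && fixed=$(mktemp)
  printf 'import requests\nimport sys\n\ndef get_CSRF_token(client):\n    pass\n' > "$broken"
  { printf '#!/usr/bin/env python3\n'; cat "$broken"; } > "$fixed"
  printf 'no shebang   -> %s\n' "$(exec_mode "$broken")"
  printf 'with shebang -> %s\n' "$(exec_mode "$fixed")"
  check_before_run "$broken" || true
  rm -f -- "$broken" "$fixed"
}

demo
```

The header check is deliberately independent of what interpreters are installed: it only tells you which code path the kernel and your shell will take, which is the question the post is really asking.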
Wait until you read about OpenStack
It's a dumpster fire of a panel. guys avoid it.
If you want OpenLiteSpeed, spend a dime and use DirectAdmin, or even Webuzo (it has native support for OLS).
Just pay a few dollars for DirectAdmin; you won't regret it later, or end up paying with your data.
Use Virtualmin.
This thread got closed without being linked in both directions, but the OP linked to a writeup of the bug in CyberPanel: https://lowendtalk.com/discussion/198954/cyberpanel-0day-root-rce
Said writeup is linked here (because the OP of the other thread hasn't linked it already): https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
Apparently the blog post led to mass attacks on public instances, so anyone using this platform (exposed publicly) should probably look for other indicators of compromise.
This...
It's nice to have options is all. I personally used CyberPanel for a couple of months, identified certain issues, opened GitHub Issues and suggested PRs, and it was all ignored which tells you enough.
I mostly use DirectAdmin for shared hosting instances and if I do need a panel, I am currently Team Coolify. They're active and the panel is working great for me so far. I would still give CyberPanel a try but honestly it just looks oddly unprofessional from the way the forums are (dis)organized all the way to the code. It gives me the kind of vibes you get when you purchase a theme from ThemeForest for a one-off project and in a couple of months the author discontinues the theme and you're stuck with an outdated item.
To conclude: not recommended for now.
OP mentioned this already
https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
decryptor:
https://x.com/leak_ix/status/1851345880231920002?s=46
I have been using CyberPanel for 5+ years maybe.
Earlier I liked it, but then started hating it for their paid addons.
Having addons is not a bad idea, but they keep left menu links as if it is a feature (or regular page) and after clicking on it, it redirects to their addon page, which is fking annoying.
Then I discovered OLS itself has a panel and a one-click installation script and started using that, but it is a bit of overwork to create a website, especially when each site needs a different PHP version.
So I started using CyberPanel again, but it seems I should look for alternatives.
I already don't like CyberPanel for their weird practices inside the UI, and now this is a strong warning to move away.
Since I want to stick to OLS, I am having a very hard time finding an alternative.
Honestly, I find some issue or other in every other panel.
How about fastpanel? Is it safe to use it?
They are so colorful; we like a minimal UI.
Yes, it is safe, but I recommend virtualmin more.
Hello jaapmarcus!
It is highly recommended to upgrade CyberPanel as soon as possible.
Important: If your files are encrypted, please see this decryption script: https://gist.github.com/gboddin/d78823245b518edd54bfc2301c5f8882#file-0-decrypt-sh
We’ve helped hundreds of users free of charge, even though some were willing to pay. Since the issue was on our end, we are assisting everyone at no cost.
Many affected users have had their issues resolved, and we are working around the clock to help the remaining ones.
I genuinely appreciate the support from the community as well.
For those who are unable to access their servers, you can apply a manual patch using the guide here: https://community.cyberpanel.net/t/manually-applying-the-patch-via-rescue-mode/56126
I also want to address some misinformation circulating. A recent blog post claimed that we committed and released a patch but did not make it an official release. This is incorrect. CyberPanel is installed directly from GitHub, so every commit to the branch is automatically included in the latest upgrades and installs, which has been in effect for over a week now.
Feel free to email us at [email protected]
We sincerely apologize for any inconvenience this has caused and thank you for your patience.
Kind Regards
CyberPanel Team
Nice... Actively abused by 3 hacker groups...