Background / What has happened?
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of a critical vulnerability (CVE-2023-29489) affecting many versions of cPanel and cPanel managed websites.
cPanel is very popular website and server management software. It is used extensively by Australian businesses and across the Australian Government.
Exploitation of the vulnerability could allow a malicious actor to achieve remote code execution against any user who is served, and clicks, a malicious link from one of these vulnerable systems.
Despite this vulnerability's severity being rated ‘medium’, because of the very widespread use of the service CHIPs believes that the impact of this vulnerability is quite high.
The ASD's ACSC is not aware of any public exploitation of this vulnerability. There are, however, public proof-of-concept exploits (POCs) and technical write-ups, which increase the risk of this vulnerability being exploited in the future.
Affected Australian organisations should apply the available patch immediately and investigate for signs of compromise.
Mitigation / How do I stay secure?
Australian organisations that use cPanel should read cPanel's disclosure TSR-2023-0001 and take the recommended actions.
Assistance / Where can I go for help?
The ASD's ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).