TR-20-789 (cPanel Güvenlik Güncellemesi)

Genel Bilgi

cPanel servisinde bulunan XSS ve RCE zafiyetlerine yönelik güvenlik güncellemesi yayınladı.

Etki

Mevcut güvenlik açıklıkları nedeniyle siber saldırganların CVE-2020-26115, CVE-2020-26098, CVE-2020-26099, CVE-2020-26100, CVE-2020-26101, CVE-2020-26102, CVE-2020-26103, CVE-2020-26104, CVE-2020-26105, CVE-2020-26106, CVE-2020-26107, CVE-2020-26108, CVE-2020-26109, CVE-2020-26110, CVE-2020-26111, CVE-2020-26112, CVE-2020-26113 ve CVE-2020-26114 kodlu zafiyetleri kullanarak saldırılarını gerçekleştirmeleri ihtimal dâhilindedir.

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM) kullanıcı ve sistem yöneticilerine açıklık dokümanını gözden geçirmelerini ve gerekli güncellemeleri yapılmasını tavsiye etmektedir.

Kaynaklar

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26098

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26099

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26100

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26101

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26102

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26103

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26104

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26105

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26106

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26107

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26115

2020-09-25