Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
VestaCP Debian Installer Malicious Backdoor Supply Chain Compromise
Vulnerability Description
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot that uses Lua for second- and third-stage components. The compromise leaked administrative credentials (base64-encoded admin password and server domain) to an external URL during installation and/or resulted in the installer dropping and executing a DDoS malware payload under local system privileges. Compromised servers were subsequently observed participating in large-scale DDoS activity. Vesta acknowledged exploitation in the wild in October 2018.
CVSS Information
N/A
Vulnerability Type
内嵌的恶意代码
Vulnerability Title
Vesta Control Panel 安全漏洞
Vulnerability Description
Vesta Control Panel(VestaCP)是一个开源的虚拟主机控制面板。 Vesta Control Panel ee03eff版本及之前版本存在安全漏洞,该漏洞源于嵌入恶意代码,可能导致供应链攻击和管理员凭据泄露。
CVSS Information
N/A
Vulnerability Type
N/A