### Key Information on the Vulnerability

- **Date**: June 25th, 2020
- **Title**: (0Day) CentOS Web Panel ajax_mod_security check_ip Command Injection Remote Code Execution Vulnerability
- **IDs**:
  - ZDI-20-738
  - ZDI-CAN-9707
  - CVE-2020-15421
- **CVSS Score**: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **Affected**:
  - Vendors: CentOS Web Panel
  - Products: CentOS Web Panel
- **Vulnerability Details**:
  - Allows remote attackers to execute arbitrary code on affected instances of CentOS Web Panel without requiring authentication.
  - The flaw is in `ajax_mod_security.php`, where the `check_ip` parameter is parsed without proper validation of the user-supplied string before it is used in a system call, leading to code execution as root.
- **Disclosure Timeline**:
  - 2020-01-23: Vulnerability reported to vendor
  - 2020-06-25: Public advisory release coordinated with ZDI
- **Research Credit**: @PaulosYibel & CasperTea
- **Mitigation**:
  - Restrict service interaction to trusted machines using firewall rules or whitelisting for legitimate clients and servers.
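The root cause named above (a request parameter reaching a system call without validation) is the generic command-injection pattern, so the following PHP is an added illustration of how such a handler is hardened. It is not CentOS Web Panel's code and does not reproduce `ajax_mod_security.php`; the log path, the `grep` lookup, the `$_SESSION['cwp_admin']` check and the function names are all assumptions chosen for the example. The unsafe function is kept only to contrast with the validated one.

```php
<?php
// Added example (not CentOS Web Panel's code). Hypothetical handler that
// receives an IP address in a "check_ip" request parameter and needs to
// hand it to an external command.

// UNSAFE PATTERN: the raw parameter is concatenated into a shell command
// line, so any shell metacharacters in check_ip are interpreted by the
// shell. This is the class of defect the advisory describes.
function lookupIpUnsafe(string $checkIp): string
{
    // Assumed log path for illustration only.
    return (string) shell_exec("grep -F " . $checkIp . " /var/log/modsec_audit.log");
}

// Positive validation: accept only a syntactically valid IPv4/IPv6 literal
// and return the canonical value, or null for anything else (hostnames,
// whitespace, quotes, semicolons, backticks, ...).
function validateIp(string $candidate): ?string
{
    $ip = filter_var(trim($candidate), FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// HARDENED VERSION: reject invalid input outright, and even for a validated
// value pass it as a single quoted argument (defence in depth, so a future
// relaxation of validateIp cannot silently reopen the injection).
function lookupIpSafe(string $checkIp): ?string
{
    $ip = validateIp($checkIp);
    if ($ip === null) {
        return null; // refuse the request rather than guess what was meant
    }
    $cmd = 'grep -F -- ' . escapeshellarg($ip) . ' /var/log/modsec_audit.log';
    return (string) shell_exec($cmd);
}

// Request entry point. The advisory's second finding is that the endpoint
// is reachable without authentication, so an authenticated session is
// required before any parameter is looked at. The session key is assumed.
function handleCheckIpRequest(array $request, array $session): array
{
    if (empty($session['cwp_admin'])) {
        return ['status' => 403, 'body' => 'authentication required'];
    }
    $checkIp = $request['check_ip'] ?? '';
    if (!is_string($checkIp)) {
        return ['status' => 400, 'body' => 'check_ip must be a string'];
    }
    $result = lookupIpSafe($checkIp);
    if ($result === null) {
        return ['status' => 400, 'body' => 'check_ip is not a valid IP address'];
    }
    return ['status' => 200, 'body' => $result];
}

// Constructed sample inputs to show which values the validator accepts.
if (PHP_SAPI === 'cli') {
    foreach (['203.0.113.7', '2001:db8::1', '203.0.113.7; id', '`id`', 'example.org'] as $sample) {
        printf("%-20s -> %s\n", $sample, validateIp($sample) ?? 'REJECTED');
    }
}
```

Run with `php example.php` to see the validator accept the two literal addresses and reject the rest. Two design points follow from the advisory text: validation alone is the primary control (an IP literal has no room for shell syntax), and because the panel's web process ran the command as root, the quoting and the authentication check are there to limit damage if the validator is ever bypassed, not to replace it; running the web front end under an unprivileged account would be the corresponding infrastructure-level control.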