CISA Known Exploited Vulnerability

CVE-2024-51567 Ransomware

CyberPersons · CyberPanel

CyberPanel Incorrect Default Permissions Vulnerability

Date added 2024-11-07

BOD 22-01 due date 2024-11-28

CWE CWE-276

Ransomware Known

CISA description

CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes & references

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

External lookups