Alert Logic® is actively researching an unrestricted file upload vulnerability that was discovered in the “jQuery_file_upload” plugin for jQuery. This code is routinely reused by other software, particularly within CMS plugins. This has a significant potential impact across a large range of target systems.
Vulnerability Description
The CVE-2018-9206 vulnerability was published by Akamai in early October 2018. The vulnerability allows unauthenticated attackers to upload any file to the victim server (web shells or malware). These malicious payloads could then be used to provide remote control over the victim host and allow further attacks (such as data exfiltration) or lateral movement on to other hosts in the network. This vulnerability allows attackers to eventually take over complete control of a vulnerable host once exploited.
Alert Logic Coverage
The Alert Logic IDS has had signatures in place to detect exploits of CVE-2018-9206 since May 2018.
In addition, Alert Logic is developing scan content that will be able to detect if the customer asset is vulnerable to this threat.
For more information on this vulnerability, refer to our CMS jQuery File Upload knowledge base article.
Recommendations for Mitigation
The following mitigations have been provided by BlueImp:
- https://github.com/blueimp/jQuery-File-Upload/blob/master/SECURITY.md
- https://github.com/blueimp/jQuery-File-Upload/blob/master/VULNERABILITIES.md#remote-code-execution-vulnerability-in-the-php-component
Note: Ensure that all software is updated to the latest versions.
Updates
We will update this section with new information about this jQuery Plugin Code vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click the FOLLOW button at the top of this article.
Note: You must sign in with your Alert Logic product credentials to follow this article.
10/22/18: Vulnerability scan coverage is now available to identify vulnerable assets.
Comments
1 comment
Vulnerability scanning coverage was released on October 22, 2018, to identify assets vulnerable to CVE-2018-9206.
Please sign in to leave a comment.