Cybersecurity specialists report the detection of a critical vulnerability in Fail2ban, an application written in Python for the prevention of intrusions in a given system. According to the report, this is a serious vulnerability that must be addressed immediately.

Tracked as CVE-2021-32749, the fault resides in the mail-whois send action and exists due to incorrect input validation. Remote threat actors might send specially crafted requests to the target system in order to execute remote code arbitrarily.

The vulnerability received a score of 8.5/10 according to the Common Vulnerability Scoring System (CVSS) scale and its exploitation would allow threat actors to completely compromise the affected system.

This flaw was detected in the following versions of Fail2ban: 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.3.1, 0.10.4, 0.10.5, 0.10.6, 0.11.1, and 0.11.2.

Although this vulnerability could be exploited by remote threat actors through the submission of specially crafted requests, researchers have not detected any active exploit attempts or the existence of a malware variant associated with the attack.

Fail2ban developers recommend users of vulnerable deployments update as soon as possible. Patches that address this flaw are now available. To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Critical remote code execution vulnerability in Fail2ban. Protect your servers appeared first on Information Security Newspaper | Hacking News.

You May Also Like

Details of a zero-day vulnerability in Windows 10 were published. Patch not available

Jonas Lyk, a cybersecurity specialist, reported the discovery of a critical vulnerability…

Critical vulnerability in OpenSea NFT platform allowed hackers to steal millions of dollars

Cybersecurity specialists report that a way has been found to exploit the…

CVE-2018-9100 & CVE-2018-9099: Vulnerabilities in Diebold Nixdorf ATMs allow easily jackpotting a machine via a black box attack. Banks should patch them immediately

A recent research published by Positive Technologies points to the discovery of…

RCE, CSRF and other critical vulnerabilities in FortiOS and FortiProxy affect various Fortinet products

Cybersecurity specialists report the detection of three vulnerabilities in Fortinet products, one…