Lock Code Circular10

CloudLinux’s security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug, leaving web servers vulnerable to code execution and tekeover.

A high-severity security vulnerability in CloudLinux’s Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers.

Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security. It offers an advanced firewall, intrusion detection and prevention, antivirus and antimalware scanning, automatic kernel patch updates, and a web-host panel integration for managing it all.

According to researchers at Cisco Talos, the bug (CVE-2021-21956) specifically resides in the Ai-Bolit scanning functionality of the Imunift360, which allows webmasters and site administrators to search for viruses, vulnerabilities and malware code.