Update Netcat CMS: Hackers can create admin accounts

Father

The FSTEC strongly recommends applying the fixes.

On April 17, the Federal Service for Technical and Export Control (FSTEC) published information about an important update to the Netcat CMS content management system and recommended installing the patches urgently to keep systems secure. Dmitry Prokhorov, an expert at Cyber OK, identified more than a dozen vulnerabilities, most of them in the administrative interface, which attackers can use to remotely attack systems running on Netcat CMS. The SKIP system tracks more than 22,000 sites based on Netcat CMS in the Russian segment of the Internet. Most of them, more than 20,500, do not restrict access to their administrative interfaces, which makes various attacks easier to carry out. The presence of the vulnerabilities from the FSTEC notifications was confirmed on more than 15,700 sites.

Ten vulnerabilities were assigned a high risk level, while BDU:2024-02962, BDU:2024-02961, and BDU:2024-02564 were assigned a critical risk level. Descriptions of these vulnerabilities:
  • BDU:2024-02962: a cross-site request forgery vulnerability in Netcat CMS. Exploiting it may allow a remote attacker to create a new user with administrator rights by sending a specially crafted request.
  • BDU:2024-02961: a vulnerability in Netcat CMS caused by the absence of measures to protect the web page structure. Exploiting it may allow a remote attacker to gain unauthorized access to the system.
  • BDU:2024-02564: a cross-site request forgery vulnerability in the Netcat Extra site management system. Exploiting it may allow a remote attacker to bypass existing security restrictions and escalate their privileges in the system by sending a specially crafted request.

The developer fixed the vulnerabilities in Netcat CMS version 6.4.0.

All owners of sites running on Netcat CMS are urgently advised to install updates to prevent possible attacks.

Information about vulnerable Netcat instances on the perimeter is already available to customers of the SKIP product and the PentOps SKIP service.
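As an added illustration (not part of the advisory or of Netcat's own code), a small Python check over constructed access-log lines that flags the two conditions the post highlights: admin-interface requests from addresses outside an allowlist, and state-changing admin POSTs whose Referer is missing or points to a foreign origin, which is the footprint a CSRF-driven admin-account creation would leave in a web server log. The admin path prefix, site host, allowlist and the log entries themselves are all assumptions.

```python
import re
from urllib.parse import urlparse
# Assumptions (not from the advisory): the admin interface lives under this prefix
# and legitimate admin work only comes from these source addresses.
ADMIN_PREFIX = "/netcat/admin/"
SITE_HOST = "www.example.org"
ADMIN_ALLOWLIST = {"203.0.113.10"}
# Apache/nginx "combined" format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line):
    """Return the findings for one access-log line (empty list if nothing is suspicious)."""
    m = LOG_RE.match(line)
    if not m or not m["path"].startswith(ADMIN_PREFIX):
        return []
    findings = []
    if m["ip"] not in ADMIN_ALLOWLIST:
        # The post's point: an admin interface reachable from anywhere widens the attack surface.
        findings.append("admin-from-unlisted-ip")
    if m["method"] == "POST":
        referer = m["referer"]
        if referer in ("", "-"):
            findings.append("admin-post-without-referer")
        elif urlparse(referer).hostname != SITE_HOST:
            # A state-changing admin request initiated from a foreign page is the CSRF footprint.
            findings.append("admin-post-cross-origin-referer")
    return findings

def analyze(lines):
    """Map (source ip, path) -> findings for every suspicious line in the log."""
    report = {}
    for line in lines:
        findings = classify(line)
        if findings:
            m = LOG_RE.match(line)
            report[(m["ip"], m["path"])] = findings
    return report

# Constructed sample log lines (not real traffic); the admin paths are placeholders.
SAMPLE = [
    '203.0.113.10 - - [17/Apr/2024:10:00:00 +0300] "POST /netcat/admin/users/create HTTP/1.1" 302 0 "https://www.example.org/netcat/admin/users/" "Mozilla/5.0"',
    '198.51.100.7 - - [17/Apr/2024:10:05:12 +0300] "POST /netcat/admin/users/create HTTP/1.1" 302 0 "https://lure.example/page.html" "Mozilla/5.0"',
    '198.51.100.8 - - [17/Apr/2024:10:06:00 +0300] "GET /netcat/admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [17/Apr/2024:10:07:00 +0300] "GET /news/ HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
]
```

Calling analyze(SAMPLE) reports only the second and third entries; against a real log, tune ADMIN_PREFIX and the allowlist to the deployment, and treat Referer checks as a detection aid rather than a substitute for server-side CSRF tokens.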

Links to fixed vulnerabilities:
  1. https://bdu.fstec.ru/vul/2024-02967
  2. https://bdu.fstec.ru/vul/2024-02966
  3. https://bdu.fstec.ru/vul/2024-02965
  4. https://bdu.fstec.ru/vul/2024-02964
  5. https://bdu.fstec.ru/vul/2024-02963
  6. https://bdu.fstec.ru/vul/2024-02962
  7. https://bdu.fstec.ru/vul/2024-02961
  8. https://bdu.fstec.ru/vul/2024-02960
  9. https://bdu.fstec.ru/vul/2024-02959
  10. https://bdu.fstec.ru/vul/2024-02958
  11. https://bdu.fstec.ru/vul/2024-02957
  12. https://bdu.fstec.ru/vul/2024-02956
  13. https://bdu.fstec.ru/vul/2024-02564