November 22, 2021 By Tara Seals
CloudLinux’ security platform for Linux-based websites and web servers contains a high-severity PHP deserialization bug.
A high-severity security vulnerability in CloudLinux’s Imunify360 cybersecurity platform could lead to arbitrary code execution and web-server takeover, according to researchers.
Imunify360 is a security platform for Linux-based web servers that allows users to configure various settings for real-time website protection and web-server security. It offers an advanced firewall, intrusion detection and prevention, antivirus and antimalware scanning, automatic kernel patch updates and a web-host panel integration for managing it all.
According to researchers at Cisco Talos, the bug (CVE-2021-21956) specifically exists in the Ai-Bolit scanning functionality of the Imunift360, which allows webmasters and site administrators to search for viruses, vulnerabilities and malware code.
