TACTICAL CYBER INTELLIGENCE REPORT
Actor Type: II
Serial: TR-18-089-001
Countries: CN, IN
Report Date: 20180330
A highly critical flaw has been discovered in Drupal’s CMS platform that could allow attackers to take control of a site simply by visiting it. Drupal also warned that an unprivileged and untrusted attacker could modify or delete data hosted on affected CMS platforms.
Impact
The security hole, identified as CVE-2018-7600[1], has been assigned a risk score of 21/25 and can be exploited simply by accessing a page on the targeted Drupal website. Once exploited, it gives the attacker full control over the site, including access to non-public data and the ability to delete or modify system data.
The Drupal developers' alert (SA-CORE-2018-002) estimates that over one million sites running Drupal are impacted. Affected are Drupal CMS versions before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1. Drupal 6 and 8.3.x and 8.4.x releases are also affected.
Researchers describe the flaw as “an input validation issue where invalid query parameters could be passed into Drupal webpages.”
Prevention and Mitigation Strategies
Drupal has posted an advisory regarding the vulnerability at https://www.drupal.org/sa-core-2018-002
Patches have also been developed. Our customers are advised to upgrade or apply the latest patches in order to fix this issue.
- If you are running 7.x, upgrade to Drupal 7.58. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)
- If you are running 8.5.x, upgrade to Drupal 8.5.1. (If you are unable to update immediately, you can attempt to apply this patch to fix the vulnerability until such time as you are able to completely update.)
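To triage a site inventory against the version ranges listed under Impact, the following added example (not part of the original report or of Drupal's own tooling) classifies core version strings as affected, patched or needing manual review. The inventory, the function names and the handling of suffixed builds such as `-dev` are assumptions made for illustration.

```python
import re

# Fixed releases per branch, taken from the version list in the report above.
FIXED = {(7,): (7, 58), (8, 3): (8, 3, 9), (8, 4): (8, 4, 6), (8, 5): (8, 5, 1)}
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(-[0-9A-Za-z.]+)?")


def triage(version):
    """Classify a Drupal core version string against CVE-2018-7600.

    Returns (status, fixed_release): status is "affected", "patched" or
    "review"; fixed_release is the upgrade target for the branch, or None.
    """
    m = VERSION_RE.fullmatch(version.strip())
    if not m:
        return ("review", None)  # e.g. "8.5.x-dev" cannot be compared
    nums = tuple(int(g) for g in m.group(1, 2, 3) if g is not None)
    if nums[0] == 6:
        return ("affected", None)  # listed as affected; no fixed 6.x release is named
    if nums[0] == 7:
        fixed = FIXED[(7,)]
    elif nums[0] == 8:
        # Everything below 8.3.9 falls under "8.x before 8.3.9".
        fixed = FIXED.get((8, max(nums[1], 3)))
    else:
        fixed = None
    if fixed is None:
        return ("review", None)  # branch not covered by this report
    target = ".".join(map(str, fixed))
    if nums < fixed:
        return ("affected", target)
    # Assumption: a suffixed build of a fixed release (-dev, -rc1) may predate
    # the fix, so it is sent for manual review rather than marked patched.
    return ("review" if m.group(4) else "patched", target)


# Constructed inventory for illustration: (site name, reported core version).
INVENTORY = [("intranet", "7.57"), ("shop", "8.4.6"), ("blog", "8.5.0-rc1"),
             ("legacy", "6.38"), ("docs", "8.2.7"), ("staging", "7.58-dev")]


def affected_sites(inventory):
    """Return the names of sites that need the upgrade now."""
    return [name for name, ver in inventory if triage(ver)[0] == "affected"]


if __name__ == "__main__":
    for name, ver in INVENTORY:
        print(f"{name:10} {ver:12} {triage(ver)}")
```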
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7600