11 June 2019

Critical security vulnerability found and resolved in the software used by ISPsystem control panels

1. ISPmanager

A critical security vulnerability has been found in Exim versions 4.87 to 4.91 (inclusive). It allows code execution as the root user on your server, which means attackers can gain control of the Exim server. Because ISPmanager uses Exim, panel owners are also exposed to this vulnerability.

An update that patches the vulnerability was released in Exim 4.92. Please make sure that your server runs the patched version of the mail server.

How to protect yourself

Update Exim to the latest available version for your OS.

2. All ISPsystem panels

A vulnerability that allows an attacker to hijack the session of another logged-in user and take control of their control panel was discovered in ISPsystem control panels before version 5.178.2. The problem is in COREmanager, the base for all other 5th-generation control panels.

How to protect yourself

This vulnerability is fixed in all control panels starting from version 5.178.2.

Check what version you are running and update it if needed. Feel free to contact our support center via live chat or your client area, or send your questions to sales@ispsystem.com.
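
One way to script the two version checks described above. This is an added example, not ISPsystem's own code. The function names are illustrative and the sample banner is constructed. The panel version has to be supplied by the operator, because this notice does not give a command for reading it.

```shell
#!/bin/sh
# Added example: classify versions against the ranges stated in this advisory.
# All function names are illustrative.

# ver_cmp A B: print -1, 0 or 1 for A<B, A==B, A>B (dotted numeric fields).
ver_cmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        [ -n "$fa" ] || fa=0
        [ -n "$fb" ] || fb=0
        if [ "$fa" -lt "$fb" ]; then echo -1; return; fi
        if [ "$fa" -gt "$fb" ]; then echo 1; return; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    echo 0
}

# Read `exim -bV` output on stdin and print the numeric version from its banner.
exim_version_from_banner() {
    sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Exim 4.87 to 4.91 inclusive is the affected range given above.
exim_status() {
    if [ "$(ver_cmp "$1" 4.87)" -ge 0 ] && [ "$(ver_cmp "$1" 4.91)" -le 0 ]; then
        echo vulnerable
    else
        echo not-in-range
    fi
}

# Panels before 5.178.2 are affected; 5.178.2 and later carry the fix.
panel_status() {
    if [ "$(ver_cmp "$1" 5.178.2)" -lt 0 ]; then echo vulnerable; else echo fixed; fi
}

# Constructed sample banner; on a real server use: exim -bV | exim_version_from_banner
sample_banner='Exim version 4.90_1 #4 built 01-Jan-2019 00:00:00'
v=$(printf '%s\n' "$sample_banner" | exim_version_from_banner)
echo "Exim $v: $(exim_status "$v")"
# Panel version typed in by the operator (constructed value here).
echo "Panel 5.99.9: $(panel_status 5.99.9)"
```

The comparison is numeric per field, so 5.99.9 is correctly treated as older than 5.178.2. Distribution packages can carry a backported fix without changing the upstream version number, so a "vulnerable" result for Exim is a prompt to check the package changelog.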