Drupal CMS High-Critical Remote Code Execution Vulnerability
Published 2018-04-12, last modified 2019-08-19
https://zed.inguardians.com/brief/drupal-cms-high-critical-remote-code-execution-vulnerability/

Issue
Security researchers have discovered and publicly released several Highly-Critical Remote Code Execution (RCE) vulnerabilities in Drupal versions 7 through 8.5, as well as the end-of-life version 6. Due to the serious nature of these remote code execution vulnerabilities, Drupal has released patches for older, unsupported versions including version 6.

The Drupal Content Management System (CMS) powers 6% of the 10,000 most popular public web sites, and over 647,000 publicly-accessible web sites use this software. This broad exposure may increase the risk that bad actors will either quickly attack companies running Drupal or create and release malware targeting this software.

Remote code execution vulnerabilities like these allow an attacker to execute code of their own choosing on an unpatched installation. This could ultimately result in full system compromise and/or allow the attacker to move laterally to compromise other machines, including those on internal network segments.

InGuardians often finds that organizations do not have an accurate inventory of Internet-facing hosts or the applications which they host. In these cases, application vulnerabilities are particularly challenging to defend, as it is impossible to update software that isn't known to the patch management staff.

Impact
Unless Drupal CMS versions are updated to 7.58 or 8.51, it is possible for an attacker to gain full control of the affected system. Drupal CMS version 6 permits the same behavior unless patched against SA-CORE-2018-002. Depending on the attacker's skillset, as well as the defender's level of network segmentation, it is possible that an attacker could take full control of the defender's infrastructure.

Recommendations
InGuardians recommends immediate patching of the Drupal content management system (CMS) across all versions. Until a patch can be applied, InGuardians recommends that affected organizations severely restrict access to the application, allowing only a few trusted IP addresses. This restriction should remain in place only long enough to perform the appropriate upgrades and patches, after which full access can be restored.

This is also the perfect opportunity to take an aggressive look at internet-facing resources in order to develop an accurate inventory, with the intent of finding previously unknown assets, including Drupal installations. Upon completion of internet-facing asset discovery, InGuardians recommends performing a similar discovery on internal network segments.

Additional Resources
Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002
https://www.drupal.org/sa-core-2018-002
FAQ about [Security Advisory] SA-CORE-2018-002
https://groups.drupal.org/security/faq-2018-002
[Content Management System] CMS Usage Statistics
https://trends.builtwith.com/cms