Privilege Escalation in LiteSpeed cPanel Plugin
A severe security vulnerability in the LiteSpeed User-End cPanel Plugin is currently being actively exploited in the wild. The flaw involves an incorrect privilege assignment that allows any cPanel user, including an attacker or a compromised account, to abuse the plugin’s lsws.redisAble function to execute arbitrary scripts with root-level permissions. The vulnerability affects all plugin versions between 2.3 and 2.4.4. LiteSpeed’s WHM plugin is not impacted by this issue.
Patch and Mitigation Steps
LiteSpeed has addressed the vulnerability in version 2.4.5 of the cPanel plugin. Security researcher David Strydom is credited with discovering and reporting the flaw. LiteSpeed confirmed active exploitation but declined to share additional attack details. Server administrators can check for compromise by running a grep command against the cPanel logs for the redisAble function. Any matching output indicates a potential breach; the source IP addresses in the matching entries should be investigated and blocked if they are not legitimate.
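The grep check described above, as an added defensive example that is not from the advisory or from LiteSpeed: it summarises which client IPs issued requests containing redisAble and returns a non-zero status when any are found, so it can feed an alert. The log layout, the default log path and the request URL shape in the sample are assumptions; the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not LiteSpeed's code): scan a cPanel access log for requests
# that invoke the LiteSpeed plugin's redisAble function and summarise the
# client IPs. Assumed log layout: "IP - user [timestamp] \"METHOD path\" ...".
# The default path below is an assumption; pass the real log path as $1.

# Print "count ip" lines, busiest IP first, for every request that mentions
# redisAble. Empty output means no such requests were logged.
redisable_hits() {
    logfile="${1:-/usr/local/cpanel/logs/access_log}"  # assumed default path
    grep -i 'redisAble' "$logfile" \
        | awk '{ ips[$1]++ } END { for (ip in ips) print ips[ip], ip }' \
        | sort -rn
}

# Return 0 when nothing was found and 1 when at least one request matched,
# so the function can drive an alert from cron or a monitoring job.
redisable_check() {
    hits=$(redisable_hits "$1")
    if [ -z "$hits" ]; then
        echo "no redisAble requests found in ${1:-default log}"
        return 0
    fi
    echo "POSSIBLE COMPROMISE: redisAble requests seen from (count ip):"
    echo "$hits"
    return 1
}

# Constructed sample log (not real traffic, request path shape is made up).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.10 - alice [10/Mar/2024:10:01:02 +0000] "GET /frontend/jupiter/index.html HTTP/1.1" 200 512
198.51.100.7 - bob [10/Mar/2024:10:05:44 +0000] "POST /frontend/jupiter/lsws/index.live.php?action=lsws.redisAble HTTP/1.1" 200 88
198.51.100.7 - bob [10/Mar/2024:10:05:59 +0000] "POST /frontend/jupiter/lsws/index.live.php?action=lsws.redisAble HTTP/1.1" 200 88
192.0.2.33 - carol [10/Mar/2024:11:12:00 +0000] "GET /frontend/jupiter/lsws/index.live.php?action=lsws.redisAble HTTP/1.1" 200 88
203.0.113.10 - alice [10/Mar/2024:11:30:00 +0000] "GET /frontend/jupiter/mail/index.html HTTP/1.1" 200 1024
EOF

# Demo run against the constructed log; "|| true" keeps the script's own
# exit status zero even though the check reports hits.
redisable_check "$SAMPLE_LOG" || true
```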
Recommended Actions
After conducting a security review of both its cPanel and WHM plugins following this discovery, LiteSpeed patched additional potential attack vectors and released cPanel plugin version 2.4.7 as part of WHM plugin version 5.3.1.0. Users should upgrade to LiteSpeed WHM Plugin version 5.3.1.0 to fully patch the vulnerability. If immediate patching is not possible, it is recommended to uninstall the user-end plugin using the provided command until the update can be applied.
Source: The Hacker News
