NGINX: 3 critical vulnerabilities found (Incorrect default permissions, buffer overflow and Insufficient Session Expiration)

Network penetration testing specialists have disclosed multiple security vulnerabilities in NGINX, the high-performance, lightweight open-source reverse proxy and web server that also proxies email protocols. Exploiting these vulnerabilities can lead to scenarios such as buffer overflows or unauthorized logins.

Below is a brief overview of each of the vulnerabilities found, with their respective Common Vulnerability Scoring System (CVSS) scores. Note that one of these vulnerabilities does not yet have a CVSS score assigned.

CVE-2020-5895: This is a buffer overflow vulnerability whose exploitation allows a remote threat actor to execute arbitrary code. The flaw exists due to a boundary error when processing messages in the analytics, visibility, and reporting daemon.

Remote attackers can pass a specially crafted message to the application, trigger memory corruption and execute arbitrary code on the target system. The vulnerability exists in the following versions of NGINX Controller: 3.0.0, 3.1.0, 3.2.0, 3.3.0. Successful exploitation can result in a total compromise of the exposed system, network penetration testing experts said.

The flaw received a score of 8.5/10 and can be exploited remotely, so it is considered high severity. At the moment there is no known malware that exploits the flaw.

CVE-2020-5894: This is an insufficient session expiration vulnerability in the logout process that allows a remote attacker to access sensitive information. The vulnerability exists because the NGINX Controller web server does not invalidate the server-side session token when users log out. The flaw received a score of 4.2/10.

An unauthenticated remote threat actor can obtain the login token and gain unauthorized access. The flaw is found in the following versions of NGINX Controller: 3.0.0, 3.1.0, 3.2.0, 3.3.0. No exploits for this flaw are known.

Finally, network penetration testing specialists reported finding an insecure default permissions vulnerability. Local users with system access might view and modify the contents of the files. This condition is present in the following versions of NGINX Controller: 3.0.0, 3.1.0, 3.2.0, 3.3.0.

To mitigate these security risks, users are encouraged to deploy the updates released by the developers.
