Critical remote code execution vulnerability in Fail2ban. Protect your servers

Cybersecurity specialists report the detection of a critical vulnerability in Fail2ban, an intrusion prevention application written in Python. According to the report, this is a serious vulnerability that must be addressed immediately.

Tracked as CVE-2021-32749, the flaw resides in the mail-whois send action and is caused by incorrect input validation. Remote threat actors could send specially crafted requests to the target system in order to execute arbitrary code remotely.

The vulnerability received a score of 8.5/10 on the Common Vulnerability Scoring System (CVSS) scale, and its exploitation would allow threat actors to completely compromise the affected system.

This flaw was detected in the following versions of Fail2ban: 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.9.7, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.3.1, 0.10.4, 0.10.5, 0.10.6, 0.11.1, and 0.11.2.
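To check a host against the two details given above (the affected releases and the mail-whois action), the following added example, which is not code from the article or from the Fail2ban project, tests a version string against the list and reports enabled jails whose action resolves to mail-whois. The sample configuration is constructed, and the function names and the accepted spellings of `enabled` are assumptions.

```python
import configparser
import re

# Affected releases, copied from the list in the article.
AFFECTED = frozenset((
    "0.9.0 0.9.1 0.9.2 0.9.3 0.9.4 0.9.5 0.9.6 0.9.7 0.10.0 0.10.1 0.10.2 "
    "0.10.3 0.10.3.1 0.10.4 0.10.5 0.10.6 0.11.1 0.11.2").split())
# Matches only the action named in the article; "sendmail-whois" must not match.
MAIL_WHOIS = re.compile(r"(?<![\w-])mail-whois(?![\w-])")
VAR_REF = re.compile(r"%\((\w+)\)s")
ENABLED = {"1", "on", "true", "yes"}  # assumption: spellings treated as enabled

def expand(value, jail, depth=8):
    """Resolve %(name)s references against the jail section and [DEFAULT]."""
    for _ in range(depth):  # bounded, so self-referencing values terminate
        value = VAR_REF.sub(lambda m: jail.get(m.group(1), m.group(0)), value)
    return value

def jails_using_mail_whois(config_text):
    """Names of enabled jails whose expanded action references mail-whois."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(config_text)
    return [name for name in parser.sections()
            if parser[name].get("enabled", "false").strip().lower() in ENABLED
            and MAIL_WHOIS.search(expand(parser[name].get("action", ""), parser[name]))]

def exposed(version, config_text):
    """True when an affected release has at least one such jail enabled."""
    return version in AFFECTED and bool(jails_using_mail_whois(config_text))

# Constructed jail configuration for the demonstration (not from the article).
SAMPLE = """\
[DEFAULT]
mta = mail
action_ = iptables-multiport[name=%(__name__)s]
action_mw = %(action_)s
            %(mta)s-whois[name=%(__name__)s, dest=root@localhost]

[sshd]
enabled = true
action = %(action_mw)s

[recidive]
enabled = false
action = %(action_mw)s
"""

if __name__ == "__main__":
    print(jails_using_mail_whois(SAMPLE), exposed("0.11.2", SAMPLE))
```

Pass in the contents of your own jail configuration and the installed version string in place of the sample.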

Although this vulnerability could be exploited by remote threat actors through the submission of specially crafted requests, researchers have not detected any active exploit attempts or the existence of a malware variant associated with the attack.

Fail2ban developers recommend users of vulnerable deployments update as soon as possible. Patches that address this flaw are now available.