A Palo Alto researcher found three different vulnerabilities in the open source OpenLiteSpeed Web Server. These vulnerabilities also affect the enterprise version.
1. Remote Code Execution CVE-2022-0073 CVSS 8.8
2. Privilege Escalation CVE-2022-0074 CVSS 8.8
3. Directory Traversal CVE-2022-0072
LiteSpeed Web Server increases the performance and scalability of web hosting platforms through its unique event-driven architecture, and it can serve thousands of clients simultaneously with minimal use of resources such as memory and CPU.
Unit 42 responsibly disclosed the vulnerabilities to LiteSpeed Technologies with suggested remediation on Oct. 4, 2022. LiteSpeed Technologies swiftly released a patch version (v1.7.16.1) on Oct. 18, 2022, to mitigate the reported vulnerabilities.
Organizations using OpenLiteSpeed versions 1.5.11 up to 1.7.16 and LiteSpeed versions 5.4.6 up to 6.0.11 are advised to update their software to the latest matching release – v1.7.16.1 and 6.0.12.
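The version ranges above can be checked against an asset inventory. The following is an added example, not code from Unit 42 or LiteSpeed Technologies. The product keys, function names and inventory rows are constructed for illustration. It compares versions numerically so that the four-part fixed release 1.7.16.1 sorts after 1.7.16 and 1.7.9 sorts before it.

```python
import re

# Affected ranges (inclusive) and fixed releases, as stated in the text above.
# The dictionary keys are labels chosen for this example.
AFFECTED = {
    "openlitespeed": ((1, 5, 11), (1, 7, 16), "1.7.16.1"),
    "litespeed": ((5, 4, 6), (6, 0, 11), "6.0.12"),
}

def parse_version(text):
    """Turn '1.7.16.1' into (1, 7, 16, 1); reject non-numeric strings."""
    text = text.strip().lstrip("v")
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def _pad(version, width):
    # Pad with zeros so 1.7.16 and 1.7.16.1 compare component by component.
    return version + (0,) * (width - len(version))

def is_affected(product, version):
    low, high, _fixed = AFFECTED[product.lower()]
    v = parse_version(version)
    width = max(len(v), len(low), len(high))
    return _pad(low, width) <= _pad(v, width) <= _pad(high, width)

def triage(inventory):
    """Return (host, status) pairs: 'upgrade to X', 'ok' or 'review'."""
    results = []
    for host, product, version in inventory:
        try:
            hit = is_affected(product, version)
        except (KeyError, ValueError):
            # Unknown product label or malformed version: needs a human look.
            results.append((host, "review"))
            continue
        fixed = AFFECTED[product.lower()][2]
        results.append((host, f"upgrade to {fixed}" if hit else "ok"))
    return results

# Constructed sample inventory: (host, product, reported version).
SAMPLE_INVENTORY = [
    ("web-01", "OpenLiteSpeed", "1.7.16"),
    ("web-02", "OpenLiteSpeed", "1.7.16.1"),
    ("web-03", "OpenLiteSpeed", "1.7.9"),
    ("web-04", "LiteSpeed", "6.0.12"),
    ("web-05", "LiteSpeed", "5.4.6"),
    ("web-06", "OpenLiteSpeed", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```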
Read Full report HERE
