CVEFinder.io

CVE-2024-45692

⚠️ high
🔍 Scan for this CVE
Summary

Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.

CVSS Score
7.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2024-09-04
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 330,193 vulnerabilities in our database.

#102,656
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Sep 5, 2024
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
YES
Can be exploited automatically
💥 Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2024-09-05
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-835

📦 Affected Products 2

Vendor Product Status Affected Versions
webmin webmin Affected
< 2.202
virtualmin virtualmin Affected
< 7.20.2

🔗 References 3

https://cispa.de/en/loop-dos
Technical Description
https://webmin.com
Product
https://www.openwall.com/lists/oss-security/2024/09/...
Mailing List

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-22678 🔶 medium 5.4 0.0 Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the ... 2026-05-21
CVE-2025-67738 ⚠️ high 8.5 0.1 squid/cachemgr.cgi in Webmin before 2.600 does not properly quote arguments. This is relevant if Webmin's Squid module a... 2025-12-11
CVE-2025-61541 ⚠️ high 7.1 0.1 Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset l... 2025-10-16
CVE-2024-12828 ⚠️ high 8.8 21.7 Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute ... 2024-12-30
CVE-2024-36450 🔶 medium 5.4 0.2 Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exp... 2024-07-10
CVE-2024-36451 ⚠️ high 8.8 0.2 Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2... 2024-07-10
These CVEs affect the same products