An Internet search shows that nearly 30,000 public-facing websites worldwide use vBulletin, many of them international community forums maintained by large international companies, so the vulnerability has a huge impact.
Affected versions: vBulletin 5.x
Aug 11, 2020: The Sangfor security team tracked a zero-day vulnerability, a remote code execution vulnerability in vBulletin 5.x.
Aug 12, 2020: Sangfor FarSight Labs successfully reproduced this vulnerability and released a vulnerability alert with remediation steps.
1. vBulletin announced that patches were available for the 5.6.0, 5.6.1, and 5.6.2 versions of vBulletin Connect. The fixes remove the PHP Module. A full patch will be included in the next build of 5.6.3, and the PHP Module will be completely removed in vBulletin 5.6.4. Affected users should obtain the latest patches from the official website: https://www.vbulletin.com/.
2. According to vBulletin, sites running older versions of vBulletin need to be upgraded to vBulletin 5.6.2 as soon as possible.
vBulletin administrators can modify settings to prevent this vulnerability from being exploited by following these steps:
a) Log in to vBulletin Administrator Control Panel.
b) Click "Settings" on the left menu and click "Options" in the drop-down menu.
c) Select "General Settings" and click "Edit Settings".
d) Look for "Disable PHP, Static HTML, and Ad Module rendering" and set it to "YES", then click Save.
1. For Sangfor NGAF customers, update NGAF security protection.
2. Sangfor Cloud WAF has automatically updated its database in the cloud. These users are already protected from this vulnerability without needing to perform any additional operations.
3. Sangfor Cyber Command is capable of detecting attacks that exploit this vulnerability and can alert users in real time. Users can correlate Cyber Command with Sangfor NGAF to block an attacker's IP address.
4. Sangfor SOC has Sangfor security specialists available 24/7 to help you resolve any security issues. For users with vulnerabilities, the SOC regularly reviews and updates device policies to ensure protection against this vulnerability.