VulnWire
Critical - CVSS 9.8
Known Ransomware Use
Added 3/25/2022

PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability

CVE-2019-11043
Action was due by: 4/15/2022
CISA Known Exploited Vulnerability

This vulnerability is part of CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. It has been observed in ransomware campaigns.

Overview

In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.

Vendor

PHP

Product

FastCGI Process Manager (FPM)

Category

Software
Technical Details

Affected Versions

See vendor advisory

Technical Description

This vulnerability was identified in FastCGI Process Manager (FPM) by PHP. In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.

Exploitability

High - Known ransomware exploitation

Impact

Complete system compromise possible

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2019-11043

Required Action (CISA)

Apply updates per vendor instructions.

Due Date: 4/15/2022

References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11043
https://nvd.nist.gov/vuln/detail/CVE-2019-11043
https://www.cisa.gov/known-exploited-vulnerabilities-catalog