Pluto Security has revealed a significant vulnerability in 12 MCP tools, allowing attackers to perform unauthorized config writes with automatic nginx reloads. An unauthenticated API call can enable malware to inject configurations and take control of nginx. Utilizing MCPwn, hackers can intercept traffic, steal admin credentials, maintain persistent access, conduct infrastructure reconnaissance through nginx configuration files, and even disable services. Although the nginx UI user base, comprised of hundreds of thousands, is much smaller than the overall nginx web server users, many installations remain internal and less exposed. However, a scan using Shodan identified 2,689 at-risk nginx UI instances that are accessible from the internet. This underscores the importance of securing nginx deployments to prevent potential exploits and protect sensitive data from malicious actors. Regular security audits and robust access controls are essential for safeguarding these vulnerable services.
Source link
Share
Read more