“This exposes 12 MCP tools, together with config writes with automated nginx reload, to any host on the network. One unauthenticated API call is all it takes to inject a config and take over nginx,” said Pluto Safety.
Leveraging MCPwn, an attacker would be able to intercept all traffic, harvest admin credentials, maintain persistent access, conduct infrastructure reconnaissance by way of nginx configuration information, and kill the service, the company said.
MCP attack surface
Nginx UI’s user base of hundreds of thousands is relatively small compared with the vast global popularity of the nginx web server. Many of its installations will also be internal and therefore not directly exposed to remote attack. Nevertheless, using Shodan, Pluto Safety was still able to find 2,689 vulnerable nginx UI instances reachable from the internet, it said.



