Hackers Actively Exploiting Critical “Control Web Panel” RCE Vulnerability

January 12, 2023 · Ravie Lakshmanan · Server Security / Linux


Malicious actors are actively attempting to exploit a critical, recently patched vulnerability in Control Web Panel (CWP) that can be abused to gain elevated privileges and achieve unauthenticated remote code execution (RCE) on vulnerable servers.

Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug affects all versions of the software prior to 0.9.8.1147 and was patched by the maintainers on October 25, 2022.

Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise Linux systems.

According to NIST, “login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.”

Gais Security researcher Numan Türle has been credited with discovering the flaw and reporting it to the Control Web Panel maintainers.

Exploitation attempts are said to have begun on January 6, 2023, after a proof-of-concept (PoC) exploit became publicly available, according to the Shadowserver Foundation and GreyNoise.

“This is an unauthenticated RCE,” Shadowserver said in a series of tweets, adding that “exploitation is trivial.”

GreyNoise said it has so far observed four unique IP addresses attempting to exploit CVE-2022-44877: two located in the United States, and one each in the Netherlands and Thailand.

Given that exploits are in the wild, users of the software are urged to update to version 0.9.8.1147 or later to mitigate the threat.
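Two checks follow from the NIST description and the patch advice above: confirm that a deployed CWP build is at least 0.9.8.1147, and look back through web server access logs for requests to login/index.php whose login parameter carries shell metacharacters. The script below is an added example, not code from the article, from CWP, or from any of the researchers named here. It assumes an Apache/nginx "combined" access log format (CWP's own log layout may differ), and the log lines it scans are constructed for illustration; a bare `id` stands in for whatever an attacker would actually try to run.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Fixed release named in the article; every earlier build is affected.
FIXED_VERSION = "0.9.8.1147"

# Shell metacharacters that should never appear in a login parameter.
METACHAR_RE = re.compile(r"[;&|`$(){}<>\n]")

# Apache/nginx "combined" access log (assumed format, not CWP-specific).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Jan/2023:10:15:02 +0000] "POST /login/index.php?login=admin HTTP/1.1" 200 512',
    '203.0.113.9 - - [06/Jan/2023:10:15:07 +0000] "POST /login/index.php?login=%24%28id%29 HTTP/1.1" 200 512',
    '198.51.100.7 - - [06/Jan/2023:10:16:40 +0000] "GET /login/index.php?login=%60id%60 HTTP/1.1" 200 512',
    '198.51.100.8 - - [06/Jan/2023:10:17:01 +0000] "GET /index.php?q=%24%28id%29 HTTP/1.1" 404 0',
]


def parse_version(version):
    """Split a dotted version into integers so 1147 sorts after 999.

    A plain string comparison gets this wrong: "0.9.8.999" > "0.9.8.1147".
    """
    return tuple(int(part) for part in version.split("."))


def is_vulnerable(version):
    """True when the CWP version predates the fixed release."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def suspicious_params(target):
    """Return (name, decoded_value) pairs for query parameters on
    login/index.php whose decoded value contains shell metacharacters."""
    parts = urlsplit(target)
    if not parts.path.endswith("/login/index.php"):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl already decodes once; a second pass catches %2524-style
        # double encoding, which is a common filter-evasion trick.
        decoded = unquote_plus(value)
        if METACHAR_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines):
    """Return one finding per access-log line that looks like an attempt."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not in the assumed log format; skip rather than guess
        hits = suspicious_params(match.group("target"))
        if hits:
            findings.append({
                "ip": match.group("ip"),
                "ts": match.group("ts"),
                "status": int(match.group("status")),
                "params": hits,
            })
    return findings


def unique_sources(findings):
    """Distinct source IPs, the figure GreyNoise reported on."""
    return sorted({f["ip"] for f in findings})


if __name__ == "__main__":
    for version in ("0.9.8.1146", "0.9.8.1147", "0.9.8.999"):
        print(version, "vulnerable" if is_vulnerable(version) else "fixed")
    results = scan_log(SAMPLE_LOG)
    for finding in results:
        print(finding["ts"], finding["ip"], finding["params"])
    print("unique sources:", unique_sources(results))
```

The scan is a triage heuristic, not a signature: it only sees what the web server logged, so a payload submitted in a POST body rather than the query string will not appear, and a legitimate username containing `&` or `$` would be flagged for review. Treat a hit as a reason to pull the full request and the server's process and authentication logs for that timestamp, and treat `is_vulnerable` returning True as a reason to patch regardless of what the logs show.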

This is not the first time similar flaws have been found in CWP. In January 2022, two critical issues were identified in the hosting panel that could have been weaponized to achieve pre-authenticated remote code execution.
