Jan 12, 2023
Ravie Lakshmanan
Malicious actors are actively attempting to exploit a recently
patched critical vulnerability in Control Web Panel (CWP) that
enables elevated privileges and unauthenticated remote code
execution (RCE) on susceptible servers.
Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched[1] by its maintainers on October 25, 2022.
Control Web Panel, formerly known as CentOS Web Panel, is a
popular server administration tool for enterprise-based Linux
systems.
“login/index.php in CWP (aka Control Web Panel or CentOS Web
Panel) 7 before 0.9.8.1147 allows remote attackers to execute
arbitrary OS commands via shell metacharacters in the login
parameter,” according to NIST[2].
Gais Security researcher Numan Turle has been credited with discovering the flaw and reporting it to the Control Web Panel maintainers.
Exploitation of the flaw is said to have commenced on January 6, 2023, following the availability[3] of a proof-of-concept (PoC), the Shadowserver Foundation and GreyNoise disclosed.
“This is an unauthenticated RCE,” Shadowserver[4] said[5] in a series of tweets, adding, “exploitation is trivial.”
GreyNoise said that it has observed[6] four unique IP addresses attempting to exploit CVE-2022-44877 to date, two of which are located in the U.S. and one each from the Netherlands and Thailand.
In light of active exploitation in the wild, administrators running the software are advised to update to 0.9.8.1147 or later to mitigate the threat.
This is not the first time similar flaws have been discovered in CWP. In January 2022, two critical issues were identified[7] in the hosting panel that could have been weaponized to achieve pre-authenticated remote code execution.
Read more https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html