Hackers Actively Exploiting Critical “Control Web Panel” RCE Vulnerability



Jan 12, 2023 | Ravie Lakshmanan | Server Security / Linux


Malicious actors are actively attempting to exploit a recently patched critical vulnerability in Control Web Panel (CWP) that enables elevated privileges and unauthenticated remote code execution (RCE) on vulnerable servers.

Tracked as CVE-2022-44877 (CVSS score: 9.8), the bug impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022.

Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems.

“login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter,” according to NIST.

Gais Security researcher Numan Turle has been credited with discovering and reporting the flaw to the Control Web Panel developers.

Exploitation of the flaw is said to have commenced on January 6, 2023, following the availability of a proof-of-concept (PoC), the Shadowserver Foundation and GreyNoise disclosed.

“This is an unauthenticated RCE,” Shadowserver said in a series of tweets, adding, “exploitation is trivial.”

GreyNoise said it has observed four unique IP addresses attempting to exploit CVE-2022-44877 to date, two of which are located in the U.S. and one each from the Netherlands and Thailand.

In light of active exploitation in the wild, users reliant on the software are advised to apply the patches to mitigate potential threats.
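
Alongside patching, access logs can be reviewed for the pattern NIST describes: requests to login/index.php whose login parameter carries shell metacharacters. The Python below is an added example, not code from CWP or from the researchers cited. It assumes combined-format access-log lines and that the login parameter is recorded in the request URL; the sample lines and the `CMD` placeholder are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Characters a shell treats specially; a login name has no reason to contain them.
SHELL_META = re.compile(r"[$`;|&<>(){}\\\n\r]")

# Request part of a combined-format access-log line: "METHOD target HTTP/x"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_login(line):
    """Return the decoded login value if the line is a request to
    login/index.php whose login parameter holds shell metacharacters."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.rstrip("/").endswith("/login/index.php"):
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == "login":
            value = unquote(value)  # second decode pass catches double encoding
            if SHELL_META.search(value):
                return value
    return None

# Constructed sample lines (documentation IP ranges, placeholder payload "CMD").
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jan/2023:10:00:01 +0000] "GET /login/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Jan/2023:10:00:05 +0000] "POST /login/index.php?login=%24%28CMD%29 HTTP/1.1" 302 0',
    '192.0.2.44 - - [06/Jan/2023:10:00:09 +0000] "POST /login/index.php?login=alice HTTP/1.1" 302 0',
    '203.0.113.5 - - [06/Jan/2023:10:00:12 +0000] "GET /index.php?login=%60CMD%60 HTTP/1.1" 404 0',
]

def scan(lines):
    """Return (client_ip, decoded_login) for every suspicious request."""
    hits = []
    for line in lines:
        value = suspicious_login(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent login={value!r}")
```

A hit on a server that was running a version before 0.9.8.1147 at the time of the request warrants incident-response follow-up, not just patching.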

This is not the first time similar flaws have been discovered in CWP. In January 2022, two critical issues were identified in the hosting panel that could have been weaponized to achieve pre-authenticated remote code execution.
