Advertisement Banner
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Cyber News

Threat actors exploit Control Web Panel RCESecurity Affairs

admin by admin
January 12, 2023
in Cyber News


Threat actors are actively exploiting a recently patched critical remote code execution (RCE) vulnerability in Control Web Panel (CWP).

Threat actors are actively exploiting a recently patched critical vulnerability, tracked as CVE-2022-44877 (CVSS score: 9.8), in Control Web Panel (CWP).

🚨 Ongoing mass exploitation of CVE-2022-44877 (Centos Web Panel 7 Unauthenticated Remote Code Execution).

Source: 206.189.170.136 🇺🇸

Malicious Base64 payload is a reverse shell that connects to 206.189.170.136:9181

The scanning of CWP instances started around January 06th. pic.twitter.com/PC8b9frmA9

— Germán Fernández (@1ZRR4H) January 11, 2023

The exploitation attempts began on January 6, 2023, after a proof-of-concept (PoC) exploit code was published online.

“login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.” reads the advisory for this vulnerability.

The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, 2022. The vulnerability was discovered by Numan Türle from Gais Security.

Researchers from Grey Noise and ShadowServer confirmed that threat actors are actively exploiting the flaw.

Heads up! We are seeing CVE-2022-44877 exploitation attempts for CWP (CentOS Web Panel/Control Web Panel) instances. This is an unauthenticated RCE. Exploitation is trivial and a PoC published. Exploitation first observed Jan 6th.

Make sure to patch – https://t.co/SqOTMW6ZNG

— Shadowserver (@Shadowserver) January 11, 2023

Users are recommended to apply the security patches immediately.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Moshen Dragon)


Share On







Source link

Previous Post

Alibaba exiting India? Paytm-owned stocks seeing selloff –

 Next Post

NSA director urges Congress to renew controversial intelligence authority
Next Post

NSA director urges Congress to renew controversial intelligence authority

Recommended

Coinbase Custody holds 635,000 BTC on behalf of Grayscale that refuses to share proof of reserves

3 months ago

Medibank confirms ransomware attack impacting 9.7M customersSecurity Affairs

3 months ago

© 2022 Law Enforcement News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Cyber News
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Cyber News
  • Contact

© 2022 Law Enforcement News Hubb All rights reserved.