.png)
BOOK THIS SPACE FOR AD
ARTICLE ADThreat actors are actively exploiting a recently patched critical remote code execution (RCE) vulnerability in Control Web Panel (CWP).
Threat actors are actively exploiting a recently patched critical vulnerability, tracked as CVE-2022-44877 (CVSS score: 9.8), in Control Web Panel (CWP).
🚨 Ongoing mass exploitation of CVE-2022-44877 (Centos Web Panel 7 Unauthenticated Remote Code Execution).
Source: 206.189.170.136 🇺🇸
Malicious Base64 payload is a reverse shell that connects to 206.189.170.136:9181
The scanning of CWP instances started around January 06th. pic.twitter.com/PC8b9frmA9
The exploitation attempts began on January 6, 2023, after a proof-of-concept (PoC) exploit code was published online.
“login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.” reads the advisory for this vulnerability.
The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, 2022. The vulnerability was discovered by Numan Türle from Gais Security.
Researchers from Grey Noise and ShadowServer confirmed that threat actors are actively exploiting the flaw.
Heads up! We are seeing CVE-2022-44877 exploitation attempts for CWP (CentOS Web Panel/Control Web Panel) instances. This is an unauthenticated RCE. Exploitation is trivial and a PoC published. Exploitation first observed Jan 6th.
Make sure to patch – https://t.co/SqOTMW6ZNG
Users are recommended to apply the security patches immediately.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Moshen Dragon)
Bengali (Bangladesh) · 
English (United States) ·