WARNING: CRITICAL RCE VULNERABILITY IN CONTROL WEB PANEL (CWP) 7 ACTIVELY EXPLOITED
CVE-2022-44877 CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Sources
https://nvd.nist.gov/vuln/detail/CVE-2022-44877
Risks
Control Web Panel (CWP), formerly known as CentOS Web Panel, is a control panel for servers and Virtual Private Servers (VPS) that enables their day-to-day management.
Successful exploitation of CVE-2022-44877 has a HIGH impact on Confidentiality, Integrity, and Availability.
Additionally, a proof-of-concept exploit is publicly available and attackers are actively exploiting this flaw.
Description
CVE-2022-44877 allows an unauthenticated attacker to execute code remotely with the privileges of the account under which Control Web Panel is installed. In many cases the installation was observed to run as “root”.
Remote attackers can execute arbitrary OS commands via shell metacharacters in the login parameter, using a specially crafted HTTP request.
Attackers are currently exploiting CVE-2022-44877 to launch a reverse shell. The encoded payloads decode to Python commands that use the Python pty module to connect back to the attacker’s system and spawn a terminal on the vulnerable host.
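As an added, defender-side example that is not part of this advisory: a small Python scanner that checks web-server access-log entries for the indicators the advisory describes (shell metacharacters in the login parameter, and decoded values that reference Python together with the pty module), plus a helper that checks an installed CWP version against the fixed release 0.9.8.1148. The log lines are constructed samples, and the /login/index.php endpoint path and the common-log layout are assumptions to adjust to your own deployment.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Shell metacharacters that have no place in a username submitted to a login form.
SHELL_META = re.compile(r"[;&|`$(){}<>\n]")
# Secondary indicator from the advisory: decoded payloads that resolve to Python using the pty module.
PTY_HINT = re.compile(r"python[0-9.]*\b.*\bpty\b", re.IGNORECASE)
# Assumed CWP login endpoint path (hypothetical; match it to the path seen in your logs).
LOGIN_PATH = "/login/index.php"
# Fixed release named in the advisory.
FIXED_VERSION = (0, 9, 8, 1148)

# Common log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic): a normal login, a backtick-bearing
# value, a value that decodes to a Python/pty reference, and an unrelated request.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Jan/2023:12:00:01 +0000] "GET /login/index.php?login=alice HTTP/1.1" 200 512
203.0.113.11 - - [10/Jan/2023:12:00:02 +0000] "POST /login/index.php?login=%60id%60 HTTP/1.1" 200 512
203.0.113.12 - - [10/Jan/2023:12:00:03 +0000] "POST /login/index.php?login=bob%3Bpython3%20-c%20%27import%20pty%27 HTTP/1.1" 200 512
203.0.113.13 - - [10/Jan/2023:12:00:04 +0000] "GET /index.php HTTP/1.1" 200 100
"""


def login_values(query):
    """Return all decoded values of the 'login' query parameter.

    The query is split on '&' only, so a raw ';' stays inside the value and a
    percent-encoded '%26' or '%3B' is decoded back into the metacharacter.
    """
    values = []
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        if unquote_plus(key) == "login":
            values.append(unquote_plus(value))
    return values


def inspect_login_param(target):
    """Return the indicator names triggered by the login parameter of a request target."""
    parts = urlsplit(target)
    if parts.path != LOGIN_PATH:
        return []
    indicators = []
    for value in login_values(parts.query):
        if SHELL_META.search(value):
            indicators.append("shell_metachar")
        if PTY_HINT.search(value):
            indicators.append("python_pty")
    return indicators


def scan_log(text):
    """Return (ip, timestamp, target, indicators) for every suspicious request in the log text."""
    hits = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        indicators = inspect_login_param(match.group("target"))
        if indicators:
            hits.append((match.group("ip"), match.group("ts"), match.group("target"), indicators))
    return hits


def is_patched(version):
    """True when a dotted CWP version string is at or above the fixed release 0.9.8.1148."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts >= FIXED_VERSION


if __name__ == "__main__":
    for ip, ts, target, indicators in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {target} -> {', '.join(indicators)}")
    for v in ("0.9.8.1147", "0.9.8.1148"):
        print(f"CWP {v}: {'patched' if is_patched(v) else 'VULNERABLE, update required'}")
```

The scanner only sees what the web server logged, so it covers a login parameter carried in the query string; if your proxy or application logs also record request bodies, run the same inspection over those fields. The version helper compares dotted components numerically so that a shorter version string such as 0.9.8 is correctly treated as older than the fixed release.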
Recommended Actions
The Centre for Cyber Security Belgium strongly recommends that system administrators update Control Web Panel (CWP) 7 to version 0.9.8.1148.
For more information: https://control-webpanel.com/changelog#1653233365160-9848a986-1929
References
https://cloudsek.com/threatintelligence/poc-for-high-impact-rce-vulnerability-in-centos-web-panel-7-cve-2022-44877-increases-risk-of-attacks/
https://www.bleepingcomputer.com/news/security/hackers-exploit-control-web-panel-flaw-to-open-reverse-shells/
https://www.securityweek.com/exploitation-control-web-panel-vulnerability-starts-after-poc-publication