The Control Web Panel (CWP) is actively being targeted by hackers who are attempting to exploit a recently patched critical vulnerability (CVE-2022-44877) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. The vulnerability, which has a CVSS score of 9.8, impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022. Control Web Panel is a popular server administration tool for enterprise-based Linux systems. Exploitation of the vulnerability started on January 6, 2023, following the availability of a proof-of-concept (PoC), disclosed by the Shadowserver Foundation and GreyNoise. In light of active exploitation in the wild, users reliant on the software are advised to apply the patches to mitigate potential threats. To check for indicators of compromise, users should check for any unusual activity on their servers and apply the patches to mitigate potential threats.
Links:
https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html
https://nvd.nist.gov/vuln/detail/CVE-2022-44877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44877
