Control Web Panel gets ‘Ctrl-Alt-Hacked’: exploit on the loose for critical vulnerability

Share This Post

The Control Web Panel (CWP) is actively being targeted by hackers who are attempting to exploit a recently patched critical vulnerability (CVE-2022-44877) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. The vulnerability, which has a CVSS score of 9.8, impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022. Control Web Panel is a popular server administration tool for enterprise-based Linux systems. Exploitation of the vulnerability started on January 6, 2023, following the availability of a proof-of-concept (PoC), disclosed by the Shadowserver Foundation and GreyNoise. In light of active exploitation in the wild, users reliant on the software are advised to apply the patches to mitigate potential threats. To check for indicators of compromise, users should check for any unusual activity on their servers and apply the patches to mitigate potential threats.

Links:

https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html

https://nvd.nist.gov/vuln/detail/CVE-2022-44877

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44877



Reach out to our incident response team for help

More To Explore

Information Security News – 7/28/2025

U.S. Nuclear Weapons Department Compromised in SharePoint Attack Article Link: https://www.neowin.net/news/us-nuclear-weapons-department-compromised-in-sharepoint-attack/ Humans Can Be Tracked with Unique ‘Fingerprint’ Based on How Their Bodies Block Wi-Fi

Information Security News – 7/21/2025

Google Gemini Flaw Hijacks Email Summaries for Phishing Article Link: https://www.bleepingcomputer.com/news/security/google-gemini-flaw-hijacks-email-summaries-for-phishing/   Hackers Exploit a Blind Spot Hiding Malware Inside DNS Records Article Link: https://arstechnica.com/security/2025/07/hackers-exploit-a-blind-spot-by-hiding-malware-inside-dns-records/

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.