Control Web Panel gets ‘Ctrl-Alt-Hacked’: exploit on the loose for critical vulnerability

Share This Post

The Control Web Panel (CWP) is actively being targeted by hackers who are attempting to exploit a recently patched critical vulnerability (CVE-2022-44877) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. The vulnerability, which has a CVSS score of 9.8, impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022. Control Web Panel is a popular server administration tool for enterprise-based Linux systems. Exploitation of the vulnerability started on January 6, 2023, following the availability of a proof-of-concept (PoC), disclosed by the Shadowserver Foundation and GreyNoise. In light of active exploitation in the wild, users reliant on the software are advised to apply the patches to mitigate potential threats. To check for indicators of compromise, users should check for any unusual activity on their servers and apply the patches to mitigate potential threats.

Links:

https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html

https://nvd.nist.gov/vuln/detail/CVE-2022-44877

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44877



Reach out to our incident response team for help

More To Explore

Information Security News – 8/18/2025

DEF CON Research Takes Aim at ZTNA, Calls It a Bust Article Link: https://www.networkworld.com/article/4039042/def-con-research-takes-aim-at-ztna-calls-it-a-bust.html Personalization in Phishing: Advanced Tactics for Malware Article Link: https://cofense.com/blog/personalization-in-phishing-advanced-tactics-for-malware-delivery Gemini

Information Security News – 8/11/2025

St. Paul, Minnesota, Hit by Major Cyber Attack, State of Emergency Declared, National Guard Deployed Article Link: https://www.cpomagazine.com/cyber-security/st-paul-minnesota-hit-by-major-cyber-attack-state-of-emergency-declared-national-guard-deployed/ Google Breached — What We Know, What

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.