Project Hyphae
Search

Control Web Panel gets ‘Ctrl-Alt-Hacked’: exploit on the loose for critical vulnerability

Share This Post

The Control Web Panel (CWP) is actively being targeted by hackers who are attempting to exploit a recently patched critical vulnerability (CVE-2022-44877) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. The vulnerability, which has a CVSS score of 9.8, impacts all versions of the software before 0.9.8.1147 and was patched by its maintainers on October 25, 2022. Control Web Panel is a popular server administration tool for enterprise-based Linux systems. Exploitation of the vulnerability started on January 6, 2023, following the availability of a proof-of-concept (PoC), disclosed by the Shadowserver Foundation and GreyNoise. In light of active exploitation in the wild, users reliant on the software are advised to apply the patches to mitigate potential threats. To check for indicators of compromise, users should check for any unusual activity on their servers and apply the patches to mitigate potential threats.

Links:

https://thehackernews.com/2023/01/alert-hackers-actively-exploiting.html

https://nvd.nist.gov/vuln/detail/CVE-2022-44877

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44877



Reach out to our incident response team for help

More To Explore

Information Security News 3-25-2024

Developer Sues Minnesota Contractor After $735K Payment Disappears Article Link: https://www.constructiondive.com/news/beck-sues-ryan-fsa-title-cybercrime/710708/ Truck-to-Truck Worm Could Infect and Disrupt Entire US Commercial Fleet Article Link: https://www.theregister.com/2024/03/22/boffins_tucktotruck_worm/ NIST’s

Information Security News 3-18-2024

Threat Actors Leaked 70 Million Records Allegedly Stolen From AT&T Article Link: https://securityaffairs.com/160627/data-breach/70m-att-records-leaked.html Former Telecom Manager Admits to Doing SIM Swaps for $1,000 Article Link:

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.