Project Hyphae

Control Web Panel gets ‘Ctrl-Alt-Hacked’: exploit on the loose for critical vulnerability

Share This Post

The Control Web Panel (CWP) is actively being targeted by hackers who are attempting to exploit a recently patched critical vulnerability (CVE-2022-44877) that enables elevated privileges and unauthenticated remote code execution (RCE) on susceptible servers. The vulnerability, which has a CVSS score of 9.8, impacts all versions of the software before and was patched by its maintainers on October 25, 2022. Control Web Panel is a popular server administration tool for enterprise-based Linux systems. Exploitation of the vulnerability started on January 6, 2023, following the availability of a proof-of-concept (PoC), disclosed by the Shadowserver Foundation and GreyNoise. In light of active exploitation in the wild, users reliant on the software are advised to apply the patches to mitigate potential threats. To check for indicators of compromise, users should check for any unusual activity on their servers and apply the patches to mitigate potential threats.


More To Explore

Information Security News 1-23-2023

MailChimp Discloses New Breach After Employees Got Hacked Article Link: T-Mobile Suffers 8th Data Breach in Less Than 5 Years Article Link: Hackers

BianLian Ransomware Decryptor Made Public

BianLian, a Windows ransomware variant written in Go, the Google-created open source programming language, has been steadily increasing in popularity among threat actors since it

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.