A Linux control panel vulnerability exploited in the wild
CWP (Control Web Panel) contains a command injection vulnerability that remote attackers can easily exploit with a crafted HTTP request, which can result in remote code execution. According to Shodan, there are thousands of servers that could still be vulnerable to CVE-2022-44877. This vulnerability can be leveraged to perform ransomware attacks or exfiltration of data.
Common Vulnerabilities and Exposures
Background
Control Web Panel, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise-based Linux systems. In the previous year, vulnerabilities related to CWP (CVE-2021-45466 & CVE-2021-454667) were released that may be used to achieve preauth remote command execution.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
Aug 25, 2022: CWP released security patches for CVE-2022-44877 at https://control-webpanel.com/changelog#1674073133745-84af1b53-c121
Jan 17, 2023: CISA added CVE-2022-44877 to its Known Exploited Vulnerabilities (KEV) catalog at https://www.cisa.gov/known-exploited-vulnerabilities-catalog.
FortiGuard Labs has released an IPS signature and has observed attack attempts targeting the CWP vulnerability. FortiGuard Labs also recommends that customers update CWP to the latest version as soon as possible.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- AV
- Vulnerability
- AV (Pre-filter)
- IPS
- Application Firewall
- Outbreak Detection
- IOC
- Threat Hunting
- Assisted Response Services
- Automated Response
- InfoSec Services
- Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.