Critical Vulnerability in Control Web Panel Exploited in the Wild

Description

FortiGuard Labs is aware of a report that a patched but critical vulnerability in Control Web Panel (CWP) is being exploited in the wild. The vulnerability (CVE-2022-44877) is a command injection vulnerability that allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. Proof-of-concept code is reportedly available.

Control Web Panel (formerly CentOS web panel) is a server administration user interface used to manage Linux systems.

Why is this Significant?

This is significant because a critical vulnerability in Control Web Panel (CVE-2022-44877) is being exploited in the wild. Previously known as "CentOS Web Panel", Control Web Panel is a popular web-based server configuration software.

Furthermore, CISA added CVE-2022-44877 to the known exploited vulnerabilities catalog on January 17, 2023. As proof-of-concept code is reportedly available, exploit attempts are expected to pick up.

What is CVE-2022-44877?

CVE-2022-44877 is a command injection vulnerability that allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. The vulnerability is rated critical and has a CVSS score of 9.8.

What Versions of Control Web Panel are Vulnerable?

Control Web Panel 7 prior to version 0.9.8.1147 are vulnerable.

Has the Vendor Released a Patch for CVE-2022-44877?

Yes, a patch was released in version 0.9.8.1147 on October 25, 2022.

What is the Status of Protection?

FortiGuard Labs released the following IPS signature in version 22.480 for CVE-2022-44877:

• CentOS.Web.Panel.login.Command.Injection (default action is set to "pass")

Appendix

Tweet (@Shadowserver)

CWP Changelog (CWP)

Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877 (SecLists.Org)

CVE-2022-44877 (MITRE)

CVE-2022-44877 (NIST)

KNOWN EXPLOITED VULNERABILITIES CATALOG (CISA)