Threat actors abuse the critical flaw on the Control Web Panel

January 24, 2023

Hackers have been found exploiting a critical, already-patched vulnerability in Control Web Panel, a tool for managing servers that was previously known as CentOS Web Panel.

Security researchers identified the critical flaw as CVE-2022-44877, which received a severity score of 9.8. The newly discovered bug allows a threat actor to execute code remotely without authentication.

Earlier this year, a security researcher who reported the flaw in October published a proof-of-concept for the exploit and a video demonstrating how it runs. Unfortunately, a few days later, it was found that some hackers exploited the reported flaw to access unpatched systems remotely.

Moreover, the attackers sought out more vulnerable devices to abuse the flaw.

The latest version of the Control Web Panel was released last year to address the CVE.

Control Web Panel version 0.9.8.1147 was released in October last year to fix the CVE, which affected the previous versions of the tool.

In addition, an analysis of the proof-of-concept exploit code is available on an online forum, whose authors ran a search for Control Web Panel servers on the Shodan platform. The investigation found over 400,000 flawed CWP instances accessible on the internet.

A separate researcher who observed the vulnerability abuse noted that they scanned about 38,000 CWP instances daily. However, that figure does not represent the exact number of vulnerable machines, only the population identified by the platform. Hence, there could be more compromised devices.

The attackers are locating vulnerable hosts and exploiting CVE-2022-44877 to spawn a terminal for interacting with the targeted device.

In other attacks, the threat actors use the critical flaw to initiate a reverse shell. The encoded payloads decode into Python commands that call back to the attacker’s machine and spawn a terminal on the compromised host through a Python module.

Lastly, some minor attacks only attempt to spot vulnerable machines. It is still unclear whether these searches are conducted by analysts or by attackers looking to discover breach-prone devices.

Exploiting CVE-2022-44877 is a straightforward task, and hackers can identify vulnerable targets with little to no effort.
