- Control Web Panel (CWP) is a system administration tool for Enterprise Linux-based operating systems (CentOS and other RHEL derivatives).
- Control Web Panel, also known as CentOS Web Panel, is installed on more than 200,000 unique servers.
- The previously patched vulnerability is being targeted by attackers again, at around the same time of year as a similar incident in early 2022.
Control Web Panel (CWP), also known as CentOS Web Panel, is a Linux control panel for system administrators and web hosting companies. It has recently been targeted by attackers attempting to exploit the bug tracked as CVE-2022-44877, which carries a CVSS severity score of 9.8. We covered a similar case involving two critical Control Web Panel flaws at the start of 2022. The start of a new year seems to be a “vulnerable time” for Control Web Panel.
The vulnerability targeted again
According to the National Vulnerability Database (NVD), login/index.php in CWP 7 before version 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. Because the flaw sits in the login handler itself, no valid credentials are needed to reach it. It affects every CWP 7 release before 0.9.8.1147 and was discovered and reported by Numan Türle of Gais Security, after which the vendor shipped the fix in that build.
According to the Shadowserver Foundation and GreyNoise, exploitation attempts resumed in January 2023, shortly after a proof-of-concept (PoC) exploit became publicly available. The CWP panel runs with ‘root’ privileges, roughly the equivalent of the Windows ‘Administrator’ account, so a successful command injection hands the attacker full control of the server rather than a low-privilege foothold. As always, users are strongly advised to update to the latest version (at minimum 0.9.8.1147) to mitigate the risk of compromise.
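Two checks a defender would want after reading the NVD description and the exploitation reports above, written here as an added example (this is not code from the article or from the CWP project): a version comparison against the fixed build 0.9.8.1147, and a scan of web-server access-log lines for requests to login/index.php whose `login` query parameter carries shell metacharacters, which is the injection vector the NVD entry describes. The log lines are constructed for the example, the Common Log Format parsing and the exact set of flagged metacharacters are assumptions, and the example does not reproduce the actual exploit payload.

```python
"""Added example for CVE-2022-44877 (not the article's or CWP's own code).

1. is_vulnerable_version(): is an installed CWP 7 version older than the
   fixed build 0.9.8.1147 named in the NVD entry?
2. find_injection_attempts(): which access-log requests to login/index.php
   carry shell metacharacters in the `login` parameter?

Assumptions: Common Log Format access logs and the SHELL_META character set.
"""
import re
from urllib.parse import parse_qs, urlsplit

# First fixed CWP 7 build according to the NVD entry.
FIXED_VERSION = (0, 9, 8, 1147)


def parse_version(version: str) -> tuple:
    """Turn '0.9.8.1146' into (0, 9, 8, 1146) so tuples compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable_version(version: str) -> bool:
    """True when the given CWP 7 version is older than 0.9.8.1147."""
    return parse_version(version) < FIXED_VERSION


# Characters the shell treats specially. A legitimate username never needs
# them, so any one of them in the login field is suspicious. This set is an
# assumption for the example, not taken from the CWP source.
SHELL_META = re.compile(r"[;&|`$(){}<>\n]")

# Common Log Format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')


def find_injection_attempts(lines):
    """Return (client_ip, decoded_login_value) for every request to
    login/index.php whose `login` parameter contains shell metacharacters."""
    hits = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # not a parsable access-log line
        ip, _method, target, _status = match.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/login/index.php"):
            continue
        # parse_qs percent-decodes once, so a%3Bid becomes a;id here.
        for value in parse_qs(parts.query, keep_blank_values=True).get("login", []):
            if SHELL_META.search(value):
                hits.append((ip, value))
    return hits


# Constructed sample log lines (addresses are RFC 5737 documentation ranges).
SAMPLE_LOG = [
    '203.0.113.10 - - [03/Jan/2023:10:15:02 +0000] "POST /login/index.php?login=admin HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Jan/2023:10:15:09 +0000] "POST /login/index.php?login=$(id) HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Jan/2023:10:15:12 +0000] "POST /login/index.php?login=a%3Bid HTTP/1.1" 200 512',
    '203.0.113.10 - - [03/Jan/2023:10:16:00 +0000] "GET /index.php?login=x%7Cid HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for version in ("0.9.8.1146", "0.9.8.1147"):
        state = "VULNERABLE" if is_vulnerable_version(version) else "patched"
        print(f"CWP {version}: {state}")
    for ip, payload in find_injection_attempts(SAMPLE_LOG):
        print(f"suspicious login parameter from {ip}: {payload!r}")
```

The fourth sample line is deliberately left unflagged: it carries a metacharacter but does not hit the vulnerable login/index.php endpoint, so the check stays focused on the path the NVD entry names instead of alerting on every odd query string. Hits from this scan are a reason to treat the host as compromised until proven otherwise, since the panel runs as root.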