
Critical Vulnerability in Control Web Panel (CWP7) for CentOS 7 / 8

A critical remote code execution (RCE) and elevation of privilege vulnerability in the Control Web Panel (CWP7) for CentOS 7 / 8 is being exploited.




Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Control Web Panel (CWP7) for CentOS 7 / 8, formerly known as CentOS Web Panel, is a popular server administration tool for enterprise Linux systems. In October 2022, CWP released an update to address a privilege escalation and remote code execution vulnerability tracked as CVE-2022-44877, which has a CVSS score of 9.8. A proof-of-concept was released in early January 2023, and there has since been an increase in external reports of attempted exploitation.

According to the US National Institute of Standards and Technology (NIST), the function "login/index.php" allows a remote attacker to execute arbitrary OS commands via shell metacharacters in the login parameters. An unauthenticated, remote attacker could exploit this vulnerability to take control of an affected system.
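As an added example (not part of this advisory and not CWP's own code), the following Python check scans web-server access-log lines for requests to login/index.php whose login parameters contain shell metacharacters, the pattern NIST describes above. The log lines, IP addresses and the PLACEHOLDER value are constructed for illustration; it assumes a standard combined-format access log, so only query-string parameters are visible (POST bodies would need a proxy or WAF log).

```python
import re
from urllib.parse import unquote, urlparse, parse_qs

# Shell metacharacters that have no legitimate place in a login form value.
META = re.compile(r"[;|&`$(){}<>\n]")

# Common/combined access-log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log: a normal login, a suspicious one, and a non-login path.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2023:14:02:11 +0000] "GET /login/index.php?login=admin HTTP/1.1" 200 512
203.0.113.5 - - [10/Jan/2023:14:02:19 +0000] "POST /login/index.php?login=admin%24%28PLACEHOLDER%29 HTTP/1.1" 302 0
198.51.100.9 - - [10/Jan/2023:14:05:40 +0000] "GET /index.php?login=a%3Bb HTTP/1.1" 200 1024
"""


def flag_request(target):
    """Return the sorted names of login/index.php query parameters
    whose decoded values contain shell metacharacters ([] if none)."""
    parsed = urlparse(target)
    # Only the vulnerable endpoint is of interest; other paths are ignored.
    if not parsed.path.rstrip("/").endswith("/login/index.php"):
        return []
    hits = set()
    for name, values in parse_qs(parsed.query, keep_blank_values=True).items():
        for value in values:
            # parse_qs already percent-decodes once; unquote again to
            # catch double-encoded values.
            if META.search(unquote(value)):
                hits.add(name)
    return sorted(hits)


def scan(log_text):
    """Return (ip, timestamp, target, flagged_params) for each suspicious line."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        flagged = flag_request(m.group("target"))
        if flagged:
            findings.append((m.group("ip"), m.group("ts"), m.group("target"), flagged))
    return findings


if __name__ == "__main__":
    for ip, ts, target, params in scan(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious login params {params}: {target}")
```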

Proof-of-Concept and exploitation attempts for CVE-2022-44877

A proof-of-concept for CVE-2022-44877 has been released and there are external reports of attempted exploitation of the vulnerability.


Remediation advice

Affected organisations are encouraged to review the Control Web Panel (CWP7) for CentOS 7 changelog and apply any relevant updates.



Last edited: 12 January 2023 2:08 pm