TeqGo.com
No Result
View All Result
No Result
View All Result
TeqGo.com
No Result
View All Result
Home Computer

Vulnerability with 9.8 severity in Control Web Panel is under active exploit

Staff by Staff
January 16, 2023
in Computer
0
Vulnerability with 9.8 severity in Control Web Panel is under active exploit
465
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


Getty Images

Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting.

“This is an unauthenticated RCE,” members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit. “Exploitation is trivial and a PoC published.” PoC refers to a proof-of-concept code that exploits the vulnerability.

The vulnerability is tracked as CVE-2022-44877. It was discovered by Numan Türle of Gais Cyber Security and patched in October in version 0.9.8.1147. Advisories didn’t go public until earlier this month, however, making it likely some users still aren’t aware of the threat.

Figures provided by Security firm GreyNoise show that attacks began on January 7 and have slowly ticked up since then, with the most recent round continuing through Wednesday. The company said the exploits are coming from four separate IP addresses located in the US, Netherlands, and Thailand.

Advertisement

Shadowserver shows that there are roughly 38,000 IP addresses running Control Web Panel, with the highest concentration in Europe, followed by North America and Asia.

The severity rating for CVE-2022-44877 is 9.8 out of a possible 10. “Bash commands can be run because double quotes are used to log incorrect entries to the system,” the advisory for the vulnerability stated. As a result, unauthenticated hackers can execute malicious commands during the login process. The following video demonstrates the flow of the exploit.

Centos Web Panel 7 Unauthenticated Remote Code Execution – CVE-2022-44877

The vulnerability resides in the /login/index.php component and resulted from CWP using a faulty structure when logging incorrect entries, according to the Daily Swig. The structure is: echo "incorrect entry, IP address, HTTP_REQUEST_URI" >> /blabla/wrong.log. “Since the request URI comes from the user, and as you can see it is within double quotes, it is possible to run commands such as $(blabla), which is a bash feature,” Türle told the publication.

Given the ease and severity of exploitation and the availability of working exploit code, organizations using Control Web Panel should ensure they’re running version 0.9.8.1147 or higher.



Source link

Previous Post

A Teenager Solved a Stubborn Prime Number ‘Look-Alike’ Riddle

Next Post

Airbus Begins Testing Autonomous Emergency Flight Tech

Next Post
Airbus Begins Testing Autonomous Emergency Flight Tech

Airbus Begins Testing Autonomous Emergency Flight Tech

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

11 Best Android Phones (2022): Unlocked, Cheap, Foldable

11 Best Android Phones (2022): Unlocked, Cheap, Foldable

October 9, 2022
Scientists Create AI-Powered Laser to 'Neutralize' Cockroaches

Scientists Create AI-Powered Laser to ‘Neutralize’ Cockroaches

October 1, 2022

Trending.

What happened to Andrew Humphrey on Channel 4 weather?

August 24, 2022

Why is Ben Bailey leaving WDIV?

August 24, 2022

Who is the new weather man on Channel 4 Detroit?

August 24, 2022

What is a 100000 year period called?

August 23, 2022

Who recently left WDIV?

August 24, 2022
  • About us
  • Contact Us
  • Home
  • Privacy Policy and Disclaimer

© 2021-2023 Teqgo.com

No Result
View All Result
  • About us
  • Contact Us
  • Home
  • Privacy Policy and Disclaimer

© 2021-2023 Teqgo.com