Security researchers are observing exploitation attempts targeting a critical Control Web Panel (CWP) vulnerability, following the publication of proof-of-concept (PoC) code in early January.
CWP, formerly known as CentOS Web Panel, is a popular, free web hosting panel for business-based Linux systems that helps manage and secure both servers and clients. The exploited vulnerability, tracked as CVE-2022-44877 (CVSS score of 9.8), allows unauthenticated attackers to achieve remote code execution (RCE) on impacted systems.
According to CloudSEK’s technical analysis of the PoC, the security flaw is a functional misconfiguration that causes incorrect entries to be logged on the panel and allows attackers to insert commands that are then executed on the server.
Read More: Exploitation of Control Web Panel Vulnerability Starts After PoC Publication