Hackers Exploit Critical Vulnerability in Control Web Panel, Leaving Thousands of Servers at Risk

Hackers are currently exploiting a critical vulnerability that was recently patched in Control Web Panel (CWP), a tool used for managing servers. The vulnerability, identified as CVE-2022-44877, received a severity score of 9.8 out of 10 and allows an attacker to execute code remotely without authentication.

On January 3, researcher Numan Türle of Gais Cyber Security, who had reported the issue around October of last year, published a proof-of-concept (PoC) exploit and a video demonstrating its capabilities. Just three days later, security researchers noticed hackers actively exploiting the flaw to gain remote access to unpatched systems and to locate more vulnerable machines.

CWP version 0.9.8.1147 was released on October 25, 2022 to fix the vulnerability, which affects previous versions of the panel. A technical analysis of the PoC exploit code is available from CloudSEK, which used the Shodan platform to find over 400,000 CWP instances accessible over the internet.

Researchers at the Shadowserver Foundation observed exploitation of the vulnerability and noted that their scans see around 38,000 CWP instances every day. This figure is the population of CWP hosts visible to the platform, not the number of vulnerable machines.

Malicious activity recorded by Shadowserver and shared with BleepingComputer revealed that attackers are finding vulnerable hosts and exploiting the vulnerability to spawn a terminal for interaction with the machine. In some cases, hackers are using the exploit to start a reverse shell, which allows the attacker to control the vulnerable host remotely.

Research company GreyNoise also observed several attacks on unpatched CWP hosts from IP addresses in the United States, Thailand, and the Netherlands.

Exploiting CVE-2022-44877 is easy, and with exploit code already publicly available, all attackers have to do is find vulnerable targets. Administrators should take immediate action and update CWP to the latest version available, which is currently 0.9.8.1148, released on December 1, 2022.

Given the severity of this vulnerability, all CWP users should confirm that their systems are running the latest version. The consequences of leaving it unpatched could be severe: attackers can gain unauthorized access to sensitive information, disrupt operations, and cause financial damage.
