Hackers target and exploit major Control Web Panel security flaw

By Scott Marlette Last updated Jan 13, 2023

Threat actors are abusing a known vulnerability in Control Web Panel (CWP) to start reverse shells and execute malicious code remotely.

Researcher Numan Türle from Gais Cyber Security released a YouTube video showing how the vulnerability can be exploited. Three days later, researchers observed an uptick in the abuse of the flaw, which is tracked as CVE-2022-44877, and carries a severity score of 9.8/10 – critical.

The fix for the vulnerability being abused was released in late October 2022, but ever since a security researcher published a proof-of-concept (PoC), hackers picked up the pace.

Reverse shell

The potential attack surface is quite large. CloudSek, which analyzed the PoC, says running a search for CWP servers on Shodan brings back more than 400,000 internet-accessible instances. While not all of those are obviously vulnerable, it shows that the flaw has quite the destructive potential. Furthermore, Shadowserver Foundation’s researchers claim some 38,000 CWP instances pop up every day.

Endpoints (opens in new tab) that really are vulnerable are being exploited to spawn an interaction terminal, researchers say. Starting a reverse shell, hackers would convert encoded payloads to Python commands which would reach out to the attacker’s devices and spawn a terminal with the Python pty Module. However, not all hackers are that fast – some are just scanning for vulnerable machines, possibly to prepare for future attacks, researchers speculate.

The worst thing about abusing CVE-2022-44877 in attacks is that it has gotten super easy, especially after the exploit code was made public. All hackers have to do now is find vulnerable targets which, according to the publication, is a “menial task”.

CWP version 0.9.8.1147, which addresses this issue, was released on October 25, 2022. IT admins are urged to apply this fix, or even better – update CWP to the current version of 0.9.8.1148, published in early December.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.