FortiGuard Labs is aware of a report that a patched but critical vulnerability in Control Web Panel (CWP) is being exploited in the wild. The vulnerability (CVE-2022-44877) is a command injection vulnerability that allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. Proof-of-concept code is reportedly available.Control Web Panel (formerly CentOS web panel) is a server administration user interface used to manage Linux systems.Why is this Significant?This is significant because a critical vulnerability in Control Web Panel (CVE-2022-44877) is being exploited in the wild. Previously known as “CentOS Web Panel”, Control Web Panel is a popular web-based server configuration software.Furthermore, CISA added CVE-2022-44877 to the known exploited vulnerabilities catalog on January 17, 2023. As proof-of-concept code is reportedly available, exploit attempts are expected to pick up.What is CVE-2022-44877?CVE-2022-44877 is a command injection vulnerability that allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. The vulnerability is rated critical and has a CVSS score of 9.8.What Versions of Control Web Panel are Vulnerable?Control Web Panel 7 prior to version 0.9.8.1147 are vulnerable.Has the Vendor Released a Patch for CVE-2022-44877?Yes, a patch was released in version 0.9.8.1147 on October 25, 2022.What is the Status of Protection?FortiGuard Labs released the following IPS signature in version 22.480 for CVE-2022-44877:CentOS.Web.Panel.login.Command.Injection (default action is set to “pass”)
Critical Vulnerability in Control Web Panel Exploited in the Wild
Read Time:1 Minute, 21 Second