US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog.
The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog.
The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, 2022. The vulnerability was discovered by Numan Türle from Gais Security.
Researchers warn that threat actors are actively exploiting the vulnerability in Control Web Panel (CWP).
The exploitation attempts began on January 6, 2023, after a proof-of-concept (PoC) exploit code was published online.
“login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.” reads the advisory for this vulnerability.
Researchers from Grey Noise and ShadowServer confirmed that threat actors are actively exploiting the flaw.
CENTOS Web Panel RCE CVE-2022-44877 Attempt Tag is live and we’re definitely seeing activityhttps://t.co/exHHtLh7gi pic.twitter.com/CXo8WSSRag— GreyNoise (@GreyNoiseIO) January 11, 2023
Heads up! We are seeing CVE-2022-44877 exploitation attempts for CWP (CentOS Web Panel/Control Web Panel) instances. This is an unauthenticated RCE. Exploitation is trivial and a PoC published. Exploitation first observed Jan 6th. Make sure to patch – https://t.co/SqOTMW6ZNG— Shadowserver (@Shadowserver) January 11, 2023According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix these vulnerabilities by February 7, 2023.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
[adrotate banner=”9″][adrotate banner=”12″]Pierluigi Paganini
(SecurityAffairs – hacking, CISA)
The post US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.