Critical Vulnerability in Control Web Panel Exploited in the Wild

Description

FortiGuard Labs is aware of a report that a patched but critical vulnerability in Control Web Panel (CWP) is being exploited in the wild. The vulnerability (CVE-2022-44877) is a command injection vulnerability that allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. Proof-of-concept code is reportedly available.


Control Web Panel (formerly CentOS web panel) is a server administration user interface used to manage Linux systems.


Why is this Significant?

This is significant because a critical vulnerability in Control Web Panel (CVE-2022-44877) is being exploited in the wild. Previously known as "CentOS Web Panel", Control Web Panel is a popular web-based server configuration software.


Furthermore, CISA added CVE-2022-44877 to the known exploited vulnerabilities catalog on January 17, 2023. As proof-of-concept code is reportedly available, exploit attempts are expected to pick up.


What is CVE-2022-44877?

CVE-2022-44877 is a command injection vulnerability that allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter. The vulnerability is rated critical and has a CVSS score of 9.8.


What Versions of Control Web Panel are Vulnerable?

Control Web Panel 7 prior to version 0.9.8.1147 are vulnerable.


Has the Vendor Released a Patch for CVE-2022-44877?

Yes, a patch was released in version 0.9.8.1147 on October 25, 2022.


What is the Status of Protection?

FortiGuard Labs released the following IPS signature in version 22.480 for CVE-2022-44877:

  • CentOS.Web.Panel.login.Command.Injection (default action is set to "pass")

Telemetry