Threat actors are exploiting a known vulnerability in Control Web Panel (CWP) to launch reverse shells and remotely execute malicious code.
Gais Cyber Security researcher Numan Türle released a YouTube video showing how the vulnerability can be exploited. Three days later, researchers saw an increase in exploitation of the flaw, which is tracked as CVE-2022-44877 and has a severity score of 9.8/10 – critical.
The fix for the exploited vulnerability was released in late October 2022, but since a security researcher published a proof-of-concept (PoC), hackers have stepped up the pace of exploitation.
Inverted scale
The potential attack surface is quite large. CloudSek, which analyzed the PoC, says running a search for CWP servers on Shodan returns more than 400,000 internet-accessible instances. While obviously not all of these are vulnerable, it shows that the flaw has quite destructive potential. In addition, the researchers at the Shadowserver Foundation claim that some 38,000 CWP instances appear every day.
Endpoints that are actually vulnerable are exploited to spawn an interactive terminal, researchers say. To launch a reverse shell, the hackers' encoded payloads are converted into Python commands that call back to the attacker's machine and spawn a terminal using the Python pty module. Not all hackers are that fast, though; some only scan for vulnerable machines, possibly to prepare for future attacks, researchers speculate.
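For defenders, the behaviour described above can be hunted for in web server logs. The following is an added example, not code from the researchers or from CWP: it assumes the encoded payloads are base64 strings visible in the logged request line, and the function names and sample log lines are constructed for illustration.

```python
import base64
import re

# Assumption: the "encoded payloads" are base64 strings inside a logged request.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Markers from the behaviour the article describes: Python using the pty module.
MARKERS = ("import pty", "pty.spawn")


def decode_candidates(line):
    """Yield the text of each base64-looking token in a log line that decodes cleanly."""
    for token in B64_TOKEN.findall(line):
        padded = token + "=" * (-len(token) % 4)
        try:
            text = base64.b64decode(padded, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        yield text


def suspicious_lines(lines):
    """Return (line_number, decoded_text) for lines hiding a Python pty command."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for text in decode_candidates(line):
            if any(marker in text for marker in MARKERS):
                hits.append((number, text))
                break
    return hits


def _b64(text):
    """Helper used only to build the constructed sample lines below."""
    return base64.b64encode(text.encode()).decode()


# Constructed sample log lines (documentation IPs, made-up paths, harmless payload).
SAMPLE_LOG = [
    '203.0.113.7 "GET /index.html HTTP/1.1" 200',
    '203.0.113.9 "POST /constructed?x=' + _b64("python3 -c 'import pty' # constructed") + ' HTTP/1.1" 302',
    '203.0.113.7 "GET /constructed?token=' + _b64("an ordinary session token") + ' HTTP/1.1" 200',
]

if __name__ == "__main__":
    for number, text in suspicious_lines(SAMPLE_LOG):
        print(f"line {number}: decoded payload -> {text}")
```

Payloads that are URL-encoded or nested in another encoding need to be unwrapped before this check will see them.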
The worst thing about exploiting CVE-2022-44877 in attacks is that it has become super easy, especially after the exploit code was made public. All that’s left for hackers to do now is find vulnerable targets, which the publication says is a “minor task.”
CWP version 0.9.8.1147, which addresses this issue, was released on October 25, 2022. IT administrators are urged to apply this fix, or even better, update CWP to the current version of 0.9.8.1148, released in early December.
Via: BleepingComputer