"Hackers Exploit Control Web Panel Flaw to Open Reverse Shells"

A recently patched critical vulnerability in Control Web Panel (CWP), formerly known as CentOS Web Panel, is being exploited by hackers. This tool is used to manage servers. The security flaw, tracked as CVE-2022-44877, has a critical severity rating of 9.8 since it enables Remote Code Execution (RCE) without authentication. On January 3, researcher Numan Türle of Gais Cyber Security published a proof-of-concept (PoC) exploit and a video demonstrating how it works. Soon after, security researchers discovered that hackers were using the vulnerability to get remote access to unpatched systems and locate additional vulnerable systems. Version 0.9.8.1147 of the CWP was released on October 25, 2022, to address the vulnerability, which affects earlier versions of the panel. A technical examination of the PoC exploit code is available from CloudSek, which conducted a search for CWP servers on the Shodan platform and discovered more than 400,000 CWP instances that can be accessed over the Internet. Researchers at the Shadowserver Foundation, who observed the vulnerability being exploited, report that their daily scans detect approximately 38,000 CWP instances. This article continues to discuss findings surrounding the exploitation of the CWP vulnerability. 

Bleeping Computer reports "Hackers Exploit Control Web Panel Flaw to Open Reverse Shells"