HackDig : Dig high-quality web security articles

US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

2023-01-19 07:53

US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog.

The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog.

The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, 2022. The vulnerability was discovered by Numan Türle from Gais Security.

Researchers warn that threat actors are actively exploiting the vulnerability in Control Web Panel (CWP).

The exploitation attempts began on January 6, 2023, after a proof-of-concept (PoC) exploit code was published online.

Known Exploited Vulnerabilities Catalog Control Web Panel

“login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.” reads the advisory for this vulnerability.

Researchers from Grey Noise and ShadowServer confirmed that threat actors are actively exploiting the flaw.

Read:121499 | Comments:0 | Tags:Breaking News Security CISA CVE-2022-44877 hacking news info

“US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud