US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog.

The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog.

The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, 2022. The vulnerability was discovered by Numan Türle from Gais Security.

Researchers warn that threat actors are actively exploiting the vulnerability in Control Web Panel (CWP).

The exploitation attempts began on January 6, 2023, after a proof-of-concept (PoC) exploit code was published online.

“login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.” reads the advisory for this vulnerability.

Researchers from Grey Noise and ShadowServer confirmed that threat actors are actively exploiting the flaw.