Threat actors are abusing a known vulnerability in Control Web Panel (CWP) to start reverse shells and execute malicious code remotely.
Researcher Numan Türle from Gais Cyber Security released a YouTube video showing how the vulnerability can be exploited. Three days later, researchers observed an uptick in the abuse of the flaw, which is tracked as CVE-2022-44877, and carries a severity score of 9.8/10 – critical.
The fix for the vulnerability being abused was released in late October 2022, but ever since a security researcher published a proof-of-concept (PoC), hackers picked up the pace.
Reverse shell
The potential attack surface is quite large. CloudSek, which analyzed the PoC, says running a search for CWP servers on Shodan brings back more than 400,000 internet-accessible instances. While not all of those are obviously vulnerable, it shows that the flaw has quite the destructive potential. Furthermore, Shadowserver Foundation’s researchers claim some 38,000 CWP instances pop up every day.
Endpoints (opens in new tab) that really are vulnerable are being exploited to spawn an interaction terminal, researchers say. Starting a reverse shell, hackers would convert encoded payloads to Python commands which would reach out to the attacker’s devices and spawn a terminal with the Python pty Module. However, not all hackers are that fast – some are just scanning for vulnerable machines, possibly to prepare for future attacks, researchers speculate.
The worst thing about abusing CVE-2022-44877 in attacks is that it has gotten super easy, especially after the exploit code was made public. All hackers have to do now is find vulnerable targets which, according to the publication, is a “menial task”.
CWP version 0.9.8.1147, which addresses this issue, was released on October 25, 2022. IT admins are urged to apply this fix, or even better – update CWP to the current version of 0.9.8.1148, published in early December.
Via: BleepingComputer (opens in new tab)
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba