Hackers target and exploit major Control Web Panel security flaw

Threat actors are abusing a known vulnerability in Control Web Panel (CWP) to start reverse shells and execute malicious code remotely. Re...

Threat actors are abusing a known vulnerability in Control Web Panel (CWP) to start reverse shells and execute malicious code remotely.

Researcher Numan Türle from Gais Cyber Security released a YouTube video showing how the vulnerability can be exploited. Three days later, researchers observed an uptick in the abuse of the flaw, which is tracked as CVE-2022-44877, and carries a severity score of 9.8/10 - critical.

The fix for the vulnerability being abused was released in late October 2022, but ever since a security researcher published a proof-of-concept (PoC), hackers picked up the pace.

Reverse shell

The potential attack surface is quite large. CloudSek, which analyzed the PoC, says running a search for CWP servers on Shodan brings back more than 400,000 internet-accessible instances. While not all of those are obviously vulnerable, it shows that the flaw has quite the destructive potential. Furthermore, Shadowserver Foundation’s researchers claim some 38,000 CWP instances pop up every day. 

Endpoints that really are vulnerable are being exploited to spawn an interaction terminal, researchers say. Starting a reverse shell, hackers would convert encoded payloads to Python commands which would reach out to the attacker’s devices and spawn a terminal with the Python pty Module. However, not all hackers are that fast - some are just scanning for vulnerable machines, possibly to prepare for future attacks, researchers speculate. 

The worst thing about abusing CVE-2022-44877 in attacks is that it has gotten super easy, especially after the exploit code was made public. All hackers have to do now is find vulnerable targets which, according to the publication, is a “menial task”. 

CWP version 0.9.8.1147, which addresses this issue, was released on October 25, 2022. IT admins are urged to apply this fix, or even better - update CWP to the current version of 0.9.8.1148, published in early December. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/gL6Admu
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,24916,TrendlyNews,8,Video,5,XIAOMI,13,YouTube - 9to5Google,7,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Hackers target and exploit major Control Web Panel security flaw
Hackers target and exploit major Control Web Panel security flaw
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2023/01/hackers-target-and-exploit-major.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2023/01/hackers-target-and-exploit-major.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy