Control Web Panel Vulnerability Alert | January 2023

There's a critical vulnerability in CentOS Control Web Panel 7 (CWP). Here's what you need to know.

Background

A critical security flaw has been discovered in CentOS Control Web Panel 7 (CWP), a common interface for web hosting. The flaw (CVE-2022-44877) allows a remote, unauthenticated attacker to execute arbitrary code. Attackers are actively exploiting this vulnerability. A security patch has been released and should be applied as soon as possible.

Impact

Attackers can exploit this vulnerability to gain full control over unpatched systems. Corvus has observed similar vulnerabilities lead to ransomware events.

Next Steps

  1. Upgrade to the latest version of CWP as soon as possible:

Resources