Cybersecurity experts are warning that hackers are attacking a critical vulnerability, CVE-2022-44877 (9.8 out of 10 on the CVSS scale), recently fixed in Control Web Panel (CWP), a server management tool previously known as CentOS Web Panel.
On January 3rd, 2023, specialists from Gais Cyber Security, who originally reported the issue in October of last year, published a PoC exploit for the vulnerability and demonstrated the bug in a separate video. Just three days later, researchers noticed that hackers had already added the vulnerability to their arsenal, since it allows remote access to unprotected systems and the discovery of other vulnerable machines. Note that CVE-2022-44877 was fixed in October of last year, with the release of CWP 0.9.8.1147.
Despite the fix, experts from Shadowserver Foundation, who have been monitoring the use of the vulnerability, have noted that their daily scans are detecting around 38,000 instances of CWP (this total does not necessarily mean that all of them are vulnerable).
To protect your systems, it’s crucial to update to the latest version of CWP. Don’t wait for hackers to exploit the vulnerability on your installation. Update your server management tool now to keep your data safe.