Bestgamingpro


Hackers target and exploit major Control Web Panel security flaw

Control Web Panel (CWP) has a known vulnerability that threat actors are using to launch reverse shells and remotely execute malicious code.

After discovering the flaw, Gais Cyber Security researcher Numan Türle uploaded a video on YouTube demonstrating how to take advantage of it. There was a spike in exploit attempts targeting the vulnerability (identified as CVE-2022-44877) three days later, prompting researchers to rate it as critical.

Even though a patch for the exploited vulnerability was provided in late October 2022, hackers have ramped up their efforts since a security researcher revealed a proof-of-concept (PoC).

Reverse shells

The attack surface could be large. CloudSEK, which performed the PoC analysis, reports that a search for CWP servers on Shodan returns more than 400,000 instances that are reachable over the internet. Not all of them are obviously vulnerable, but the number demonstrates the seriousness of the flaw's impact. Furthermore, investigators from the Shadowserver Foundation believe that 38,000 new CWP instances appear every day.

Apparently, researchers have found a way to exploit vulnerable endpoints to create an interactive terminal. To initiate a reverse shell, attackers would send encoded payloads that decode into Python instructions using the Python pty module, which would then communicate with the victim's device and open a terminal session. Researchers believe that not all hackers move this quickly and that others are only looking for susceptible devices.

A major concern with CVE-2022-44877 is how simple it has become to use in attacks, particularly after the exploit code was made available. The newspaper claims that the only remaining work for hackers is the “menial chore” of identifying weak targets.

The fix for this problem was included in CWP 0.9.8.1147, which was published on October 25, 2022. IT administrators are strongly advised to either deploy this patch or upgrade CWP to the most recent version, 0.9.8.1148, released in the first week of December.
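
For administrators with more than one CWP server, the version guidance above can be turned into a quick triage of an inventory. The following is an added example, not code from the article or from the CWP project: the hostnames and version strings are constructed, and how each server's version string is collected is left to the administrator.

```python
import re

FIXED = (0, 9, 8, 1147)    # first release containing the fix, per the article
LATEST = (0, 9, 8, 1148)   # most recent release named in the article

# A four-part dotted version that is not embedded in a longer dotted string.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")

def parse_version(text):
    """Return the four-part CWP version found in text as a tuple, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(text):
    """Map a raw version string to vulnerable / patched / current / unknown."""
    v = parse_version(text)
    if v is None:
        return "unknown"      # an unreadable version is never treated as safe
    if v < FIXED:             # numeric compare: 999 < 1147, unlike string compare
        return "vulnerable"
    if v < LATEST:
        return "patched"      # fixed, but older than the latest named release
    return "current"

def triage(inventory):
    """Group hostnames by status so vulnerable and unknown hosts stand out."""
    report = {"vulnerable": [], "unknown": [], "patched": [], "current": []}
    for host, raw in inventory.items():
        report[classify(raw)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "web01.example.internal": "0.9.8.1146",
    "web02.example.internal": "CWP version: 0.9.8.1147",
    "web03.example.internal": "0.9.8.1148",
    "web04.example.internal": "0.9.8.999",
    "web05.example.internal": "",
    "web06.example.internal": "0.10.0.3",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` should be checked by hand and not assumed to be patched.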