Date: 2023-01-17

SecurityWeek reports that threat actors have begun attempting to exploit a critical flaw in the widely used free web hosting panel Control Web Panel (CWP), previously known as CentOS Web Panel, after proof-of-concept code was published earlier this month. The vulnerability, tracked as CVE-2022-44877, enables remote code execution without authentication. It was patched in October after being discovered and reported by Gais Cyber Security researcher Numan Turle, who released the PoC exploit on Jan. 3. Active exploitation was then recorded by both GreyNoise and The Shadowserver Foundation, with the latter noting initial exploitation on Jan. 6. Internet-connected CWP instances number nearly 38,000 daily, according to Shadowserver. Meanwhile, a Shodan query conducted by CloudSEK found more than 400,000 servers. Users of vulnerable CWP instances have been urged to update to CWP7 version 0.9.8.1147, which includes patches for the flaw, or to a newer version.