Vulnerability with 9.8 severity in Control Web Panel is under active exploit

by
Dan Goodin
from Ars Technica - All content on (#67S5P)
exploit-800x534.jpg

Enlarge (credit: Getty Images)

Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting.

This is an unauthenticated RCE," members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit. Exploitation is trivial and a PoC published." PoC refers to a proof-of-concept code that exploits the vulnerability.

The vulnerability is tracked as CVE-2022-44877. It was discovered by Numan Turle of Gais Cyber Security and patched in October in version 0.9.8.1147. Advisories didn't go public until earlier this month, however, making it likely some users still aren't aware of the threat.

Read 5 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments