Hackers are exploiting a known critical vulnerability in the Web Control Panel web hosting interface. The unauthenticated remote code execution flaw was patched in October 2022; users are urged to update to version 0.9.8.1147 or later.
Note
- This is an attack on “CentOS Web Panel,” which is a very analogous project to the classic “Webmin” interfaces. None of these interfaces should be directly exposed to the Internet, but just like other internal management stations are, you can imagine these are as well. This one is tragically bad, as it’s an unauthenticated attack. Hopefully, these systems are not connected to internal networks. I would state that a VPN, SSH, or other secured connectivity method should be used. However, I suspect most of our readers are aware of this. Instead, what I will say is a cursory look on the internet does not suggest an extremely wide-scale deployment of this software exposed to the internet. We have yet to encounter this system on the Enterprise penetration tests we’ve been on.
- If you’re using the Centos Web Panel 7, apply the update from October. This flaw has a CVSS score of 9.8. Seriously, you can run OS level commands because of how the input is handled, making it pretty easy to exploit.
Read more in
