Skip to main content

Linux Servers at Risk of RCE Due to Critical CWP Bugs

posted onJanuary 25, 2022
by l33tdawg
Threat Post
Credit: Threat Post

Researchers have discovered two critical bugs in Control Web Panel (CWP) – a popular web hosting management software used by 200K+ servers – that could allow for remote code execution (RCE) as root on vulnerable Linux servers.

CWP, formerly known as CentOS Web Panel, is an open-source Linux control panel software used for creating and managing web hosting environments. The software supports the operating systems CentOS, Rocky Linux, Alma Linux and Oracle Linux.

The two vulnerabilities – found by Octagon Networks’ Paulos Yibelo – are tracked as CVE-2021-45467 (a file inclusion vulnerability) and CVE-2021-45466 (a file write bug). When chained, the two vulnerabilities can lead to RCE. The problems are found in parts of the CWP panel that are exposed without authentication in the webroot, according to Octagon’s writeup.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th