CWP bugs allow code execution as root on Linux servers

by | Jan 25, 2022 | News

Reading Time: 1 Minute

 

Two security vulnerabilities that impact the Control Web Panel (CWP) software can be chained by unauthenticated attackers to gain remote code execution (RCE) as root on vulnerable Linux servers.

 

 

 

CWP, previously known as CentOS Web Panel, is a free Linux control panel for managing dedicated web hosting servers and virtual private servers.

The two security flaws found by Octagon Networks’ Paulos Yibelo are a file inclusion vulnerability (CVE-2021-45467) and a file write (CVE-2021-45466) bug that lead to RCE when chained together.

In short, successful exploitation requires bypassing security protections to prevent attackers from reaching the restricted API section without authentication.

This can be done by registering an API key using the file inclusion bug and creating a malicious authorized_keys file on the server using the file write flaw.

 
 

See Also: Complete Offensive Security and Ethical Hacking Course

 

 

While the CVE-2021-45467 file inclusion vulnerability was patched, Octagon Networks says that they saw how “some managed to reverse the patch and exploit some servers.”

 

 

Octagon Networks says that, while the CVE-2021-45467 file inclusion vulnerability was patched, they saw how “some managed to reverse the patch and exploit some servers.”

The security researchers also said they would release a proof-of-concept exploit for this pre-auth RCE chain after enough Linux servers running CWP will get upgraded to the latest version.

 
 

 

 

According to CWP’s developers, their software supports the following operating systems: CentOS, Rocky Linux, Alma Linux, and Oracle Linux

While the CWP site claims that roughly 30,000 servers are running CWP, BleepingComputer found almost 80,000 Internet-exposed CWP servers on BinaryEdge. 

Over 200,000 can also be found on Shodan and Censys, according to the researchers who discovered the pre-authentication RCE chain.

 

 

 

See Also: OSINT Tool: Commit Stream

 

 

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

 

 

See Also: Stuxnet – A weapon made out of code that almost started WW3

 

Source: threatpost.com

 

(Click Link)

 


 

merch

Share This