Patch CWP immediately: chained vulnerabilities allow code execution as root on Linux servers
CWP, formerly known as CentOS Web Panel, is a free Linux control panel for managing dedicated web hosting servers and virtual private servers. Two vulnerabilities in it were discovered by Octagon Networks researcher Paulos Yibelo. They are tracked as CVE-2021-45467 (a file inclusion vulnerability) and CVE-2021-45466 (a file write vulnerability), and the two can be chained into a remote code execution (RCE) attack.
In short, by exploiting the two vulnerabilities together, an attacker can bypass CWP's protections and reach restricted API endpoints without authenticating.
The chain works by first registering an API key through the file inclusion vulnerability, then using the file write vulnerability to plant an attacker-controlled authorized_keys file on the server, which lets the attacker log in over SSH and run code as root.
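What a defender can check for after this chain, as an added example that is not code from the article, Octagon Networks or the CWP project: the attack ends with an attacker-controlled authorized_keys file, so a POSIX shell script that compares every authorized_keys entry on the host against an approved allowlist will surface a planted key even when it is disguised with key options or a plausible comment. The allowlist format (one public key per line), the paths scanned by `audit_host`, and the function names are assumptions for this example; the keys in `demo` are constructed, not real.

```shell
#!/bin/sh
# Added example, not code from the article, Octagon Networks or CWP.
# Audits SSH authorized_keys files against an approved allowlist so that a
# key planted by an attacker (the end state of the CWP exploit chain) is
# reported. Assumptions: the allowlist is a file with one public key per
# line (comments and blank lines allowed), and a key is identified by its
# (type, base64 blob) pair, so options, comments and spacing on the
# authorized_keys line cannot hide it.

# audit_authorized_keys FILE ALLOWLIST
# Prints "FILE: <line>" for each entry in FILE whose key is not in ALLOWLIST
# (or that carries no recognisable key at all). Returns 0 when FILE is
# absent or holds only approved keys, 1 when unapproved entries were found,
# 2 when the allowlist itself is missing.
audit_authorized_keys() {
    file=$1; allow=$2
    [ -f "$allow" ] || { echo "allowlist not found: $allow" >&2; return 2; }
    [ -f "$file" ] || return 0
    unknown=$(awk '
        # ident(): "type blob" of the public key on the current line, or ""
        # if none. Options such as no-pty,command="..." may precede the type.
        function ident(   i) {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/)
                    return $i " " $(i + 1)
            return ""
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }                  # comments, blank lines
        FILENAME == ARGV[1] { k = ident(); if (k != "") ok[k] = 1; next }   # allowlist
        { k = ident(); if (k == "" || !(k in ok)) print FILENAME ": " $0 }
    ' "$allow" "$file")
    [ -z "$unknown" ] && return 0
    printf '%s\n' "$unknown"
    return 1
}

# audit_host ALLOWLIST
# Scans root's and every home directory's authorized_keys (the usual targets
# on a CWP host; the paths are an assumption). Shows ls -l for a flagged
# file so a recently modified one stands out during incident response.
audit_host() {
    alist=$1; bad=0
    for f in /root/.ssh/authorized_keys /home/*/.ssh/authorized_keys; do
        if ! audit_authorized_keys "$f" "$alist"; then
            bad=1
            [ -f "$f" ] && ls -l "$f"
        fi
    done
    return $bad
}

# demo: runs the audit on a constructed pair of files (fake keys, not real
# ones) and returns the audit status: 1, because the second entry is an
# unapproved key hidden behind a forced command.
demo() {
    d=$(mktemp -d)
    cat > "$d/allowlist" <<'EOF'
# approved keys (constructed sample)
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEadminKEY0000000000000000000000000000 admin@ops
EOF
    cat > "$d/authorized_keys" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEadminKEY0000000000000000000000000000 admin@ops
no-pty,command="/bin/sh" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQFAKEplantedKEY00000000 planted
EOF
    audit_authorized_keys "$d/authorized_keys" "$d/allowlist"
    rc=$?
    rm -rf "$d"
    return $rc
}

# Stand-alone run: audit the real host if an allowlist path was given,
# then show the constructed demo.
if [ "$#" -gt 0 ]; then audit_host "$1"; fi
if demo; then echo "demo: all keys approved"; else echo "demo: unapproved key found"; fi
```

Run it as `sh audit_keys.sh /etc/ssh/approved_keys` (the allowlist path is yours to choose) and treat any flagged line as an incident indicator rather than a cleanup item: the key was written through the panel, so the panel and its API keys need review as well.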
Although CWP has released a patch for the file inclusion vulnerability CVE-2021-45467, Octagon Networks says it has found a way to bypass that patch and can still exploit some servers. The researchers say they will publish their proof-of-concept (PoC) exploit once a sufficient number of Linux servers running CWP have been patched.
According to CWP's developers, the software supports CentOS, Rocky Linux, AlmaLinux and Oracle Linux.
While the CWP homepage states that about 30,000 servers run CWP, news site BleepingComputer reports that nearly 80,000 CWP servers are exposed to the Internet according to BinaryEdge, and that Shodan and Censys list more than 200,000 further CWP servers.