CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Feb 7, 2023
Description
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.
EPSS — Exploit Probability
94.5%
Higher than 100.0% of all CVEs
Required Action
https://control-webpanel.com/changelog#1669855527714-450fb335-6194; https://nvd.nist.gov/vuln/detail/CVE-2022-44877
Risk Assessment
HIGHIn CISA KEV
High EPSS
Details
- Severity
- High
- EPSS
- 94.5%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
Jan 17, 2023
Added to KEV
Jan 17, 2023
Remediation Due
Feb 7, 2023