
The Background

Cybercriminals are currently exploiting a vulnerability in the popular server administration tool Control Web Panel (CWP). This vulnerability allows fairly trivial remote code execution (RCE) and requires no authentication. A recent Shodan search shows over 426,000 servers around the globe currently running CWP (down from around 435,000 servers a couple of days ago).

This vulnerability was discovered in July of 2022 by Numan Türle, a security engineer at Gais Security, during security testing on third-party applications used by their customers. CWP responded with a patch in 2 days to fix the affected versions, with a code fix later released in October. On Jan 3, 2023, CVE-2022-44877 (severity score of 9.8 out of 10) was published for the vulnerability, including a proof-of-concept exploit and a video showing how it worked. Although a sizable amount of time passed between disclosure, patch, and advisory, the number of exploits of this vulnerability started increasing on Jan 7, 2023, an indication that many of the servers in the wild have not yet been patched.

CVEs and Application Security Testing

Any exploit in the wild shows the need for robust application security testing. You can create detection rules for whatever flavor of intrusion detection/prevention tool you prefer (Network IPS, Next Gen Firewalls, EDR, etc.), but these are all “after the fact” security measures. Ultimately these vulnerabilities are all the result of applications that were released with bugs in their code that allow them to be exploited. Application security testing is the closest we can get in the security industry to stopping these vulnerabilities from being released in the