Exploited Control Web Panel Flaw Added to CISA ‘Must Patch’ List

Control Web Panel (CWP), an open source web hosting panel, has had a critical vulnerability added to CISA’s ‘must patch’ list. According to cybersecurity experts, the flaw is actively being exploited in the wild, making it a serious threat that must be taken seriously. The vulnerability (CVE-2020-3906) was identified in February of this year and affects all versions of CWP up to 6.4.7. It has been classified as a remote code execution bug and is said to be trivial to exploit. The vulnerability is caused by improper sanitization of user input in the CWP login form. An attacker with network access to the server can craft a malicious request and gain the ability to carry out arbitrary commands. Experts say the vulnerability can be used to take complete control of the web server, allowing them to steal, modify or delete any data at will. CISA has added the vulnerability to its ‘must patch’ list and recommends that users of affected versions upgrade immediately. They also recommend that users take steps to protect their networks from external threats and ensure they have a comprehensive patch management strategy in place. Control Web Panel is a popular tool used to manage websites, but experts warn it may not be enough to completely address the risk. They suggest a multi-layered approach that includes both technical and non-technical measures to reduce the risk of a successful attack. Organizations should ensure they are aware of all potential vulnerabilities in their systems and ensure they are proactively mitigating any security risks. Additionally, they should implement appropriate access control to limit the ability of unauthorized actors to gain access to sensitive data and systems. The taking of Control Web Panel vulnerability seriously is a must in order to protect networks and systems from any potential malicious actors. Organizations should assess the impact of the vulnerability on their systems and take the necessary steps to protect and mitigate any potential damages.

This Cyber News was published on www.securityweek.com. Publication date: Sun, 22 Jan 2023 10:48:00 +0000


Cyber News related to Exploited Control Web Panel Flaw Added to CISA ‘Must Patch’ List

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
4 months ago Securityaffairs.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
4 months ago Securityaffairs.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
4 months ago Securityaffairs.com
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
3 months ago Securityaffairs.com
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
4 months ago Securityaffairs.com
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
3 months ago Securityaffairs.com
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
3 months ago Securityaffairs.com
Exploited Control Web Panel Flaw Added to CISA ‘Must Patch’ List - Control Web Panel (CWP), an open source web hosting panel, has had a critical vulnerability added to CISA’s ‘must patch’ list. According to cybersecurity experts, the flaw is actively being exploited in the wild, making it a serious threat that ...
1 year ago Securityweek.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
1 week ago Therecord.media
Russia's Midnight Blizzard stole email of more Microsoft customers - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities ...
3 months ago Securityaffairs.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
9 months ago Cisa.gov
CISA orders federal agencies to patch Looney Tunables Linux bug - Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions. Dubbed 'Looney Tunables' by Qualys' Threat Research Unit and ...
10 months ago Bleepingcomputer.com
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
7 months ago Securityweek.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
4 months ago Securityaffairs.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
10 months ago Cisa.gov
CISA pushes federal agencies to patch Citrix RCE within a week - Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing for a Citrix RCE bug to be patched within a week. Citrix urged ...
8 months ago Bleepingcomputer.com
Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
4 months ago Securityaffairs.com
CISA warns of actively exploited bugs in Chrome and Excel parsing library - The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information ...
9 months ago Bleepingcomputer.com
Impact of Remote Work and Cloud Migrations on Security Perimeters - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
4 months ago Securityaffairs.com
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
4 months ago Securityaffairs.com
North Korea-linked IT workers infiltrated hundreds of US firms - CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
4 months ago Securityaffairs.com
WAGO PFC200 Series - RISK EVALUATION. Successful exploitation of this vulnerability could allow an attacker with administrative privileges to access sensitive files in an unintended, undocumented way. Compact Controller CC100: Versions later than FW19, up to and ...
10 months ago Cisa.gov
CISA reveals how fed agency succumbed to ColdFusion attacks The Register - CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability. The vulnerability, tracked as CVE-2023-26360, was disclosed in March ...
10 months ago Go.theregister.com
CISA warns of actively exploited Juniper pre-auth RCE exploit chain - CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution attacks as part of a pre-auth exploit chain. The alert comes one week after Juniper updated its ...
10 months ago Bleepingcomputer.com
A cyberattack shutdown the University Hospital Centre Zagreb in Croatia - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Stanford University announced that 27,000 ...
3 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)