How to find Control Web Panel (CWP) instances

|
Updated

Latest Control Web Panel (CWP) vulnerability #

Security researcher Paulos Yibelo shared findings this week on two new vulnerabilities within the popular Control Web Panel (formerly CentOS Web Panel) web hosting management software. Both CVE-2021-45466 (a file write vulnerability) and CVE-2021-45467 (a file inclusion vulnerability) are interesting individually, but they provide a powerful attack vector when chained together to achieve pre-authentication remote code execution (RCE) on a vulnerable target. Taking into account the 200k+ unique, public-facing servers currently running CWP, there could be many systems at risk of exploitation.

The maintainers of CWP have patched CVE-2021-45467 in the most recent release (v0.9.8.1122), with the guidance for administrators of CWP installations to upgrade to this version as soon as possible. No interim mitigation strategies have been shared.

How to find Control Web Panel (CWP) instances with runZero #

From the Asset Inventory, use the following pre-built query to locate potentially vulnerable Control Web Panel instances within your network:

service.product:"CentOS Web Panel"
Find CWP instances

Please note that though the older product name is used in the query, the underlying match logic is using the web server value found in HTTP header responses from the CWP server, which has remained the same across the product name change.

As always, any prebuilt queries we create are available from our Queries Library. Check out the library for other useful inventory queries.

Written by Pearce Barry

More about Pearce Barry
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

Rapid Response
How to find Go SSH servers on your network
How to discover Go SSH instances on your network that may be vulnerable to CVE-2024-45337
Rapid Response
How to find Cleo Harmony, LexiCom, and VLTransfer installations on your network
Cleo Software has disclosed CVE-2024-50623 affecting installations of Cleo Harmony, VLTransfer, and LexiCom on your network. Here's how to find...
Rapid Response
How to find Cisco NX-OS assets on your network
Cisco has released an advisory for a vulnerability found within their NX-OS software. Here's how to find affected assets.
Rapid Response
How to find Citrix Virtual Apps and Desktops software on your network
Citrix has released an advisory for two vulnerabilities affecting Citrix Virtual Apps and Desktops software.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved