{"id":555679,"date":"2023-01-12T19:57:32","date_gmt":"2023-01-12T21:57:32","guid":{"rendered":"https:\/\/teknomers.com\/fr\/alerte-les-pirates-exploitent-activement-des-elements-critiques-panneau-web-de-controle-vulnerabilite-rce\/"},"modified":"2023-01-12T19:57:34","modified_gmt":"2023-01-12T21:57:34","slug":"alerte-les-pirates-exploitent-activement-des-elements-critiques-panneau-web-de-controle-vulnerabilite-rce","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/alerte-les-pirates-exploitent-activement-des-elements-critiques-panneau-web-de-controle-vulnerabilite-rce\/","title":{"rendered":"Alerte\u00a0: les pirates exploitent activement des \u00e9l\u00e9ments critiques &quot;Panneau Web de contr\u00f4le&quot; Vuln\u00e9rabilit\u00e9 RCE"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">12 janvier 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 du serveur \/ Linux<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>Des acteurs malveillants tentent activement d&#8217;exploiter une vuln\u00e9rabilit\u00e9 critique r\u00e9cemment corrig\u00e9e dans Control Web Panel (CWP) qui permet des privil\u00e8ges \u00e9lev\u00e9s et l&#8217;ex\u00e9cution de code \u00e0 distance non authentifi\u00e9 (RCE) sur des serveurs sensibles.<\/p>\n<p>Suivi comme <strong>CVE-2022-44877<\/strong> (score CVSS\u00a0: 9,8), le bogue affecte toutes les versions du logiciel avant la 0.9.8.1147 et a \u00e9t\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/control-webpanel.com\/changelog#1669855527714-450fb335-6194\" target=\"_blank\">patch\u00e9<\/a> par ses mainteneurs le 25 octobre 2022.<\/p>\n<p>Control Web Panel, anciennement connu sous le nom de CentOS Web Panel, est un outil d&#8217;administration de serveur populaire pour les syst\u00e8mes Linux d&#8217;entreprise.<\/p>\n<p>&#8220;login\/index.php dans CWP (alias Control Web Panel ou CentOS Web Panel) 7 avant 0.9.8.1147 permet aux attaquants distants d&#8217;ex\u00e9cuter des commandes OS arbitraires via des m\u00e9tacaract\u00e8res shell dans le param\u00e8tre de connexion&#8221;, selon <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-44877\" target=\"_blank\">NIST<\/a>.<\/p>\n<p>Le chercheur de Gais Security, Numan Turle, a \u00e9t\u00e9 cr\u00e9dit\u00e9 d&#8217;avoir d\u00e9couvert et signal\u00e9 la faille aux d\u00e9veloppeurs de Control Web Panel.<\/p>\n<p>L&#8217;exploitation de la faille aurait commenc\u00e9 le 6 janvier 2023, suite \u00e0 la <a rel=\"nofollow noopener\" href=\"https:\/\/gist.github.com\/numanturle\/c1e82c47f4cba24cff214e904c227386\" target=\"_blank\">disponibilit\u00e9<\/a> d&#8217;une preuve de concept (PoC), la Shadowserver Foundation et GreyNoise ont divulgu\u00e9.<\/p>\n<p><iframe loading=\"lazy\" title=\"Centos Web Panel 7 Unauthenticated Remote Code Execution - CVE-2022-44877\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/kiLfSvc1SYY?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<p>&#8220;Ceci est un RCE non authentifi\u00e9,&#8221; <a rel=\"nofollow noopener\" href=\"https:\/\/dashboard.shadowserver.org\/statistics\/honeypot\/monitoring\/vulnerability\/?category=monitoring&amp;statistic=unique_ips\" target=\"_blank\">Shadowserver<\/a> <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/Shadowserver\/status\/1613113660817412099\" target=\"_blank\">m&#8217;a dit<\/a> dans une s\u00e9rie de tweets, ajoutant que &#8220;l&#8217;exploitation est triviale&#8221;.<\/p>\n<p>GreyNoise a d\u00e9clar\u00e9 qu&#8217;il avait <a rel=\"nofollow noopener\" href=\"https:\/\/viz.greynoise.io\/tag\/centos-web-panel-rce-cve-2022-44877-attempt?days=10\" target=\"_blank\">observ\u00e9<\/a> quatre adresses IP uniques tentant d&#8217;exploiter CVE-2022-44877 \u00e0 ce jour, dont deux sont situ\u00e9es aux \u00c9tats-Unis et une aux Pays-Bas et une en Tha\u00eflande.<\/p>\n<p>\u00c0 la lumi\u00e8re de l&#8217;exploitation active dans la nature, il est conseill\u00e9 aux utilisateurs qui d\u00e9pendent du logiciel d&#8217;appliquer les correctifs pour att\u00e9nuer les menaces potentielles.<\/p>\n<p>Ce n&#8217;est pas la premi\u00e8re fois que des failles similaires sont d\u00e9couvertes dans CWP.  En janvier 2022, deux probl\u00e8mes critiques ont \u00e9t\u00e9 identifi\u00e9s dans le panneau d&#8217;h\u00e9bergement qui auraient pu \u00eatre militaris\u00e9s pour obtenir une ex\u00e9cution de code \u00e0 distance pr\u00e9-authentifi\u00e9e.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/01\/alert-hackers-actively-exploiting.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80212 janvier 2023\ue804Ravie LakshmananS\u00e9curit\u00e9 du serveur \/ Linux Des acteurs malveillants tentent activement d&#8217;exploiter une vuln\u00e9rabilit\u00e9 critique r\u00e9cemment corrig\u00e9e dans Control Web Panel (CWP) qui permet des privil\u00e8ges \u00e9lev\u00e9s et l&#8217;ex\u00e9cution de code \u00e0 distance non authentifi\u00e9 (RCE) sur des serveurs sensibles. Suivi comme CVE-2022-44877 (score CVSS\u00a0: 9,8), le bogue affecte toutes les versions du [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":555681,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4807,4747,4168,83505,5729,4158,4165,4161,133,20750,8736,4157,4159,4171,4170,65,4167,4160,4163,4162,4394,138693,22778,4172,4169,4166,3667,4164,2784],"class_list":["post-555679","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-activement","tag-alerte","tag-comment-pirater","tag-controlequot","tag-critiques","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-elements","tag-exploitent","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-pirates","tag-quotpanneau","tag-rce","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle","tag-web"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/555679","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=555679"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/555679\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/555681"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=555679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=555679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=555679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}