Control Web Panel Missing Authentication Remote Code Execution Vulnerability
CVE-2023-42121

9.8CRITICAL

Key Information:

Vendor
CVE Published:
3 May 2024

What is CVE-2023-42121?

A significant vulnerability in Control Web Panel allows remote attackers to execute arbitrary code without any authentication. This issue resides in the web interface's faulty implementation of authentication, enabling unauthorized access to critical functionalities. By exploiting this flaw, attackers can act in the context of a legitimate CWP user, posing a serious risk to system integrity and security.

Affected Version(s)

Control Web Panel 0.9.8.1152

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.