Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability
CVE-2023-42122

7.8HIGH

Key Information:

Vendor
CVE Published:
3 May 2024

What is CVE-2023-42122?

A local privilege escalation vulnerability exists in the Control Web Panel, specifically within the cwpsrv process that listens on the loopback interface. The vulnerability is due to insufficient validation of a user-supplied string used for executing system calls. Attackers with access to execute low-privileged code on an affected system can leverage this flaw to escalate privileges, potentially enabling them to execute arbitrary code with root privileges. Remediation through patching is critical to mitigate the risk associated with this exploitation.

Affected Version(s)

Control Web Panel 0.9.8.1152

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.