CentOS Control Web Panel Critical Issue: Patch Required by February 7

The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical -- and already exploited -- security vulnerability in the widely used CentOS Control Web Panel utility.

The agency added the CVE-2022-44877 flaw to its KEV (Known Exploited Vulnerabilities) catalog and set a February 7th deadline for federal agencies to test and deploy an available fix. 

Security researchers warned earlier this month that the publication of proof-of-concept code and a YouTube video demonstration would lead to live attacks.  Soon after, threat-hunting outfits GreyNoise and Shadowserver spotted signs of exploitation in the wild.