At least 15 government and military web servers have been breached via an actively exploited cPanel vulnerability that allows unauthenticated remote code execution.
Vulnerability Details
A critical security flaw in cPanel, a widely used web hosting control panel, is being actively exploited in the wild. Tracked as CVE-2023-29489, this vulnerability allows an unauthenticated attacker to execute arbitrary code on affected servers. The exploit targets a cross-site scripting (XSS) weakness in the cPanel interface, but researchers have demonstrated that it can be chained with other attack vectors to achieve remote code execution. The flaw affects all versions of cPanel prior to the latest security patch released in April 2023.
Impact and Scope
Security researchers have confirmed that hackers are using this vulnerability to breach government and military web servers globally. The attacks have compromised at least 15 high-value targets, including defense ministry portals and national security agency websites. Once inside, attackers deploy webshells to maintain persistent access, exfiltrate sensitive data, and pivot to internal networks. The full extent of the compromise remains under investigation, but initial reports indicate that classified material may have been accessed. System administrators running unpatched cPanel installations are urged to apply the latest updates immediately to prevent further breaches.
Mitigation Guidance
Organizations using cPanel should immediately update to version 11.106.0.7 or later, which contains the fix for CVE-2023-29489. Additionally, security teams should audit their servers for signs of compromise, including unexpected files in web directories and suspicious outbound network connections. Network segmentation and strict access controls should be enforced on any cPanel-managed servers that handle sensitive or classified data.
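One way to audit a web directory for unexpected files is to compare it against a known-good hash manifest. The Python below is an added example, not code from this article or from cPanel; the extension list, the finding labels and the constructed demo tree are assumptions made for illustration.

```python
import hashlib, os, tempfile

# Assumption: extensions the web server may pass to an interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".cgi", ".pl", ".jsp"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(docroot):
    """Map every regular file under docroot (relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(docroot):  # symlinked dirs are not followed
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, docroot)] = sha256_file(full)
    return manifest

def audit(docroot, baseline):
    """Return (kind, path) findings for files that differ from the baseline."""
    current = build_manifest(docroot)
    findings = []
    for rel in sorted(current):
        if rel not in baseline:
            ext = os.path.splitext(rel)[1].lower()
            findings.append(("new-script" if ext in SCRIPT_EXTS else "new-file", rel))
        elif baseline[rel] != current[rel]:
            findings.append(("modified", rel))
    findings += [("missing", rel) for rel in sorted(set(baseline) - set(current))]
    return findings

def demo():
    """Constructed tree: record a baseline, then add one file and change another."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        with open(os.path.join(root, "index.php"), "w") as f:
            f.write("<?php echo 'home'; ?>")
        baseline = build_manifest(root)  # known-good state
        with open(os.path.join(root, "uploads", "img.php"), "w") as f:
            f.write("<?php /* constructed placeholder */ ?>")
        with open(os.path.join(root, "index.php"), "a") as f:
            f.write("<!-- changed -->")
        return audit(root, baseline)

if __name__ == "__main__":
    print("\n".join(f"{kind}\t{rel}" for kind, rel in demo()))
```

The baseline should come from a known-good backup or a fresh deployment and be stored off the server, so that it cannot be rewritten by whoever modified the web directory.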
Source: Cyber Security News

