The publicly available cPanelSniper exploit has already been used to breach over 44,000 servers, making immediate patching critical for all hosting environments.
Vulnerability and Exploit Details
A critical security flaw in cPanel has been weaponized by threat actors. The vulnerability, tracked as a critical severity issue, allows unauthenticated attackers to remotely compromise web hosting servers. A public proof of concept exploit named cPanelSniper has been released, demonstrating how the flaw can be used to gain full control over affected systems. The exploit leverages a weakness in the software’s authentication mechanisms to bypass security checks.
Impact and Scope
The scale of the exploitation is significant, with security researchers identifying over 44,000 compromised servers worldwide. This widespread attack affects web hosting providers and individual site owners who manage their own cPanel installations. Organizations running vulnerable versions of cPanel are at immediate risk of data theft, website defacement, and further network compromise. The flaw has been assigned a CVE identifier and details are available at https://www.cve.org/CVERecord?id=CVE-2024-xxxxx for systems running cPanel versions prior to the latest security update.
Urgent Mitigation Steps
System administrators must immediately update their cPanel installations to the latest patched version. The vendor has released a security update that addresses this critical vulnerability. Administrators should also review server logs for signs of unauthorized access, rotate all administrative credentials, and check for any suspicious files or backdoors. Organizations that detect compromise should disconnect affected systems from the network and engage incident response teams.
Source: Cyber Security News
