The public release of the cPanelSniper exploit, which leverages CVE-2023-29489, has triggered a mass compromise of roughly 44,000 web hosting servers globally.
How the Exploit Works
Security researchers have released a proof-of-concept exploit named cPanelSniper that targets a critical vulnerability in cPanel software. The flaw, tracked as CVE-2023-29489 (https://cve.org/CVE-2023-29489), allows unauthenticated attackers to execute arbitrary code on vulnerable servers by sending specially crafted HTTP requests. The exploit takes advantage of improper input validation in cPanel’s web interface, enabling remote attackers to bypass authentication and gain full control over the hosting environment.
Impact and Scope
The attack campaign has already compromised over 44,000 cPanel servers worldwide, primarily targeting web hosting providers and shared hosting environments. The majority of affected systems are running outdated versions of cPanel that have not applied the available security patches. After exploitation, attackers have been observed deploying web shells, stealing customer credentials, and using compromised servers for cryptocurrency mining operations. Hosting providers are urged to immediately update their cPanel installations and audit their systems for signs of compromise.
Mitigation Recommendations
Users should upgrade to cPanel version 110.0.20 or later, which contains the fix for CVE-2023-29489. Administrators should also review server logs for suspicious HTTP requests targeting the cPanel login portal, monitor for unauthorized file modifications in web directories, and implement web application firewall rules to block exploit attempts. Hosting companies are advised to force password resets for all customer accounts as a precautionary measure.
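The following is an added example, not code from the article or from cPanel: a small audit helper that checks a reported cPanel version against the 110.0.20 release named above and compares SHA-256 snapshots of a web directory to list added, modified or removed files. The accepted version string formats, the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import pathlib
import re
import tempfile

FIXED = (110, 0, 20)  # fixed release named in the article

def parse_version(text):
    """Parse '110.0.20', '11.110.0.20' or '110.0 (build 20)' (assumed formats)."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    if len(nums) == 4 and nums[0] == 11:  # assumed legacy "11." prefix
        nums = nums[1:]
    if len(nums) != 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(nums)

def is_patched(text):
    return parse_version(text) >= FIXED

def snapshot(root):
    """Map every regular file under root to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):  # skip links that may point outside root
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, root)] = digest
    return digests

def diff(baseline, current):
    """List files added, modified or removed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample web root
        pathlib.Path(root, "index.php").write_text("<?php echo 'hi';")
        before = snapshot(root)
        pathlib.Path(root, "new.php").write_text("<?php /* unexpected */")
        print(is_patched("11.110.0.19"), diff(before, snapshot(root)))
```

Take the baseline snapshot from a known-good state and store it off the server, since a snapshot taken after compromise or kept where an intruder can rewrite it proves nothing.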
Source: Cyber Security News

