CVE-2021-45466

CVSS V2 None CVSS V3 None
Description
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder.
Overview
  • CVE ID
  • CVE-2021-45466
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-26T05:15:10
  • Last Modified Date
  • 2023-01-24T18:57:12
Weakness Enumerations
CWE URL
CWE-863 http://cwe.mitre.org/data/definitions/863.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:centos-webpanel:centos_web_panel:*:*:*:*:*:*:*:* 1 OR 0.9.8.1107
References
Reference URL Reference Tags
https://control-webpanel.com/changelog
https://octagon.net/blog/2022/01/22/cve-2021-45467-cwp-centos-web-panel-preauth-rce/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-45466
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45466
History
Created Old Value New Value Data Type Notes
2022-12-26 05:15:57 Added to TrackCVE
2022-12-27 14:15:49 2022-12-27T13:48:11 CVE Modified Date updated
2022-12-27 14:15:49 Received Awaiting Analysis Vulnerability Status updated
2022-12-30 19:14:20 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-05 21:16:30 2023-01-05T20:56:11 CVE Modified Date updated
2023-01-05 21:16:30 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-05 21:16:31 Weakness Enumeration new
2023-01-05 21:16:32 CPE Information updated
2023-01-24 19:13:58 2023-01-24T18:57:12 CVE Modified Date updated