CVE-2022-0073: CWE-20 Improper Input Validation in LiteSpeed Technologies OpenLiteSpeed Web Server
Improper Input Validation vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards allows Command Injection. This affects 1.7.0 versions before 1.7.16.1.
AI Analysis
Technical Summary
CVE-2022-0073 is a high-severity vulnerability in the LiteSpeed Technologies OpenLiteSpeed Web Server and LiteSpeed Web Server dashboards, affecting 1.7.0 versions before 1.7.16.1. It is categorized under CWE-20 (Improper Input Validation). The flaw allows an attacker with at least low-level privileges (PR:L) to perform command injection remotely (AV:N) without user interaction (UI:N). It arises because the web server fails to properly validate input data, so maliciously crafted input can be executed as system commands. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, as successful exploitation can lead to full system compromise. The vulnerability scope is unchanged (S:U), meaning the impact is confined to the vulnerable component. Although no known exploits are reported in the wild, the ease of exploitation combined with the critical impact makes this a significant risk. The vulnerability affects the OpenLiteSpeed Web Server dashboard, which is used for server management and configuration, making it a valuable target for attackers seeking to gain control over web infrastructure.
Potential Impact
For European organizations running OpenLiteSpeed Web Server 1.7.0 versions before 1.7.16.1, this vulnerability poses a serious threat. Exploitation could lead to unauthorized remote command execution, allowing attackers to compromise server confidentiality by accessing sensitive data, alter or destroy data integrity, and disrupt availability by executing destructive commands or deploying ransomware. Given that web servers are often exposed to the internet, this vulnerability could be leveraged to pivot into internal networks, leading to broader organizational compromise. Sectors such as finance, healthcare, government, and critical infrastructure in Europe, which rely on secure web services, could face operational disruptions, data breaches, and regulatory non-compliance consequences (e.g., GDPR violations). The absence of required user interaction and the network attack vector increase the likelihood of exploitation, especially if privileged credentials are compromised or weakly protected.
Mitigation Recommendations
European organizations should immediately verify their OpenLiteSpeed Web Server versions and upgrade to version 1.7.16.1 or later where the vulnerability is patched. If upgrading is not immediately feasible, organizations should restrict access to the web server dashboard to trusted IP addresses via firewall rules or VPNs to limit exposure. Implement strict access controls and monitor logs for unusual command execution attempts or anomalous activity. Employ web application firewalls (WAFs) with custom rules to detect and block command injection patterns targeting OpenLiteSpeed dashboards. Regularly audit user privileges to ensure minimal necessary access, reducing the risk of privilege escalation. Additionally, conduct penetration testing focused on input validation weaknesses and maintain up-to-date intrusion detection systems (IDS) to identify exploitation attempts. Finally, establish incident response plans specific to web server compromises to enable rapid containment and recovery.
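The version check recommended above can be scripted across an inventory. The following is an added example, not code from LiteSpeed or from this advisory; the inventory format, hostnames and sample versions are constructed, and how each host's version string is collected is left to the operator.

```python
import re

# Range stated on this page: 1.7.0 versions before 1.7.16.1.
FIRST_AFFECTED = (1, 7, 0, 0)
FIRST_FIXED = (1, 7, 16, 1)


def parse_version(text):
    """Turn '1.7.16' or 'OpenLiteSpeed 1.7.16.1' into a 4-part tuple."""
    match = re.search(r"\d+(?:\.\d+){1,3}", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in match.group(0).split(".")]
    # Pad so that 1.7.16 compares as 1.7.16.0, i.e. below 1.7.16.1.
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version_text):
    """Return 'affected', 'fixed', or 'not-covered' for one version string."""
    version = parse_version(version_text)
    if version >= FIRST_FIXED:
        return "fixed"
    if version >= FIRST_AFFECTED:
        return "affected"
    # Older than 1.7.0: the advisory text makes no statement about these.
    return "not-covered"


def hosts_to_upgrade(inventory):
    """Given {host: version string}, list hosts that need attention."""
    flagged = []
    for host, version_text in sorted(inventory.items()):
        try:
            if classify(version_text) == "affected":
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unreadable version: needs manual review
    return flagged


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "web-01": "1.7.16",
    "web-02": "1.7.16.1",
    "web-03": "OpenLiteSpeed 1.7.8",
    "web-04": "1.6.21",
    "web-05": "unknown",
}

if __name__ == "__main__":
    for host in hosts_to_upgrade(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to 1.7.16.1 or later (or verify version)")
```

Note that a three-part version such as 1.7.16 sorts below the four-part fixed release 1.7.16.1, which a naive string comparison can get wrong.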
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: palo_alto
- Date Reserved: 2021-12-28T23:57:03.945Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d981dc4522896dcbdafe0
Added to database: 5/21/2025, 9:08:45 AM
Last enriched: 7/5/2025, 7:42:44 PM
Last updated: 2/7/2026, 8:22:53 AM