Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers
By Deeba Ahmed
CISA Warns of Critical Adobe ColdFusion Vulnerability Actively Exploited by Threat Actors.
Authorities urge Adobe ColdFusion customers to promptly install patches and update their systems.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a Cybersecurity Advisory (CSA) alerting organizations to the exploitation of a critical vulnerability in Adobe ColdFusion by unidentified threat actors.
The vulnerability, CVE-2023-26360, affects Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier), as well as older ColdFusion installations that Adobe no longer supports.
Exploitation of CVE-2023-26360 allows threat actors to execute arbitrary code on affected systems, posing a significant security risk. The vulnerability was added to CISA’s known exploited vulnerability (KEV) catalogue right after its discovery, and an April 5 deadline was given to agencies to fix the issue.
Adobe ColdFusion is a widely used software suite for web application development. Hackread has been reporting on this vulnerability ever since it was discovered in March. We reported in August 2023 that this critical remote code execution (RCE) flaw, which impacts both Windows and macOS platforms, allows attackers to seize control of affected systems, making it a high-severity cybersecurity risk. Adobe released security patches in the following security bulletins:
- APSB23-40
- APSB23-41
- APSB23-47
However, FortiGuard Labs observed continued exploitation attempts at that time, indicating that some users had not yet applied the patches.
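Because ColdFusion versions appear in several notations ("2021 Update 5", "2021,5", the dotted form shown in the administrator console), it is easy to misjudge which hosts fall inside the ranges listed above. The following Python helper, added here and not part of the HackRead article or CISA's advisory, flags inventory entries within those ranges and ranks public-facing servers first; the host inventory is constructed sample data.

```python
import re

# Last affected update per supported release, as stated in the advisory text above:
# 2018 Update 15 and earlier, 2021 Update 5 and earlier. Older releases are out of
# support and also affected; releases newer than these are outside the advisory's scope.
LAST_AFFECTED_UPDATE = {2018: 15, 2021: 5}

# Accepts "2021 Update 5", "2018,15", "2021.0.06.330131" and bare "11" / "9".
_VERSION_RE = re.compile(
    r"(\d{1,4})(?:(?:\s*,\s*|\s+update\s+|\.0\.)(\d+))?", re.IGNORECASE
)


def parse_version(text):
    """Return (release, update) parsed from a ColdFusion version string."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised ColdFusion version: {text!r}")
    return int(m.group(1)), int(m.group(2) or 0)


def is_affected(text):
    """True when the version lies inside the affected ranges for CVE-2023-26360."""
    release, update = parse_version(text)
    if release in LAST_AFFECTED_UPDATE:
        return update <= LAST_AFFECTED_UPDATE[release]
    # Releases older than 2018 (e.g. ColdFusion 9, 11, 2016) are unsupported and
    # receive no patch; only an upgrade removes the exposure.
    return release < min(LAST_AFFECTED_UPDATE)


def triage(inventory):
    """Return affected hosts, internet-facing ones first (as in the FCEB case)."""
    hits = [(host, ver, public) for host, ver, public in inventory if is_affected(ver)]
    hits.sort(key=lambda h: not h[2])  # public (True) sorts before internal
    return [(host, ver, "upgrade/patch now, internet-facing" if public else "patch")
            for host, ver, public in hits]


# Constructed sample inventory: (hostname, reported version, internet-facing).
SAMPLE_INVENTORY = [
    ("web-preprod-01", "ColdFusion 2018 Update 15", True),
    ("web-preprod-02", "2021,5", True),
    ("intranet-app", "ColdFusion 11", False),
    ("web-prod-01", "2021.0.06.330131", True),
]

if __name__ == "__main__":
    for host, ver, action in triage(SAMPLE_INVENTORY):
        print(f"{host}: {ver} -> {action}")
```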
Now, the same vulnerability has been exploited by unidentified hackers to gain access to two systems within a Federal Civilian Executive Branch (FCEB) agency. Reportedly, the agency was running outdated software versions, including of ColdFusion, which left it vulnerable to the exploit. The hackers were able to gain initial access to two public-facing web servers within the agency’s pre-production environment.
At least two public-facing servers within a Federal Civilian Executive Branch (FCEB) agency were targeted with this vulnerability between June and July 2023. Here are the details of the attacks:
- June 2: Initial access, reconnaissance activities (local/domain admin information, network configurations, user details), and deployment of a remote access trojan (RAT). Attempts to exfiltrate data, obtain credentials, download data from C2 infrastructure, and change policies were unsuccessful.
- June 26: Attackers connected through a malicious IP address, exploited the vulnerability, and analysed running processes. They navigated the filesystem, deleted logs, and executed malicious code designed for ColdFusion versions 9 and below (targeting usernames, passwords, and URLs). The code could enable future attacks and upload additional files from an unknown source. Password decryption was not possible due to the agency’s newer ColdFusion version. Attempts to conceal the web shell also failed.
While the hackers could insert malware and launch a reconnaissance campaign, there is no evidence of data exfiltration or lateral movement. The agency removed the compromised servers from the network within 24 hours of receiving the alert. CISA is yet to clarify whether the two attacks originated from the same operators.