An unidentified threat actor or threat actors gained access to two public-facing Web servers at a US federal government agency earlier this year by exploiting a critical but previously patched vulnerability in Adobe ColdFusion. The intrusions appear to have been part of a reconnaissance attempt by the attackers to map out the agency’s broader network, but there’s no evidence of data exfiltration or lateral movement on the compromised network, the US Cybersecurity and Infrastructure Security Agency (CISA) said this week.
Two Intrusions
In an advisory, the agency described the attacks as taking place in June and July and involving CVE-2023-26360, an improper access control vulnerability that enables remote code execution on affected systems. The vulnerability affects multiple ColdFusion…
Yearly Archives: 2023
CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)
Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared.
About the exploited vulnerability
CVE-2023-26360 is a deserialization of untrusted data vulnerability that could lead to arbitrary code execution. Adobe disclosed and fixed the flaw in mid-March 2023, and said that it was “aware that CVE-2023-26360 has been exploited in the wild in very limited attacks”. CVE-2023-26360 affected Adobe ColdFusion versions 2021, 2018, 2016 and 11, but Adobe provided patches only for the former two, as ColdFusion 2016 and 11 had previously reached the end of their (product) lifecycle. CISA added the…
Attackers breach US government agencies through ColdFusion flaw
In a new advisory that shows why it’s critical to keep Adobe ColdFusion deployments up to date, the US Cybersecurity and Infrastructure Security Agency (CISA) warns that two federal agencies were breached by attackers in June through an unpatched vulnerability in the application server software. The attackers used their access to deploy web shells and collect information that would enable lateral movement in the environments. The breached ColdFusion instances were outdated in both cases as the exploited vulnerability had a fix available since March. “Analysis suggests that the malicious activity conducted by the threat actors was a reconnaissance effort to map the broader network,” CISA said in its advisory without attributing the attacks to any known group. “No…
Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
Dec 06, 2023 | Newsroom | Vulnerability / Web Server Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. “The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,” CISA said, adding an unnamed federal agency was targeted between June and July 2023. The shortcoming affects ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). It has been addressed in versions Update 16 and Update 6, respectively, released on March 14, 2023. It was added by CISA to the Known…
Unpatched Adobe ColdFusion bug led to double breach of US federal agency
Threat actors abused a known Adobe ColdFusion bug to carry out two attacks on a U.S. federal agency’s systems two months after a mandated deadline to mitigate the vulnerability had passed. The incident was disclosed in a Dec. 5 cybersecurity advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) which did not name the federal civilian executive branch (FCEB) agency involved. The attacks — carried out by either one or two unknown threat groups — exploited CVE-2023-26360, an improper access control vulnerability that can result in arbitrary code execution. The bug affects versions of ColdFusion 2018 prior to Update 16 and ColdFusion 2021 prior to Update 6. It also affects two older versions of the web-application development software which are no longer…
Adobe ColdFusion Vulnerability Exploited in Attacks on US Government Agency – SecurityWeek
Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw – Security Affairs
ColdFusion Exploit Used to Access Federal Agency – Duo Security
Federal agency breached through Adobe ColdFusion vulnerability – The Record from Recorded Future News
CISA details twin attacks on federal servers via unpatched ColdFusion flaw – The Register