Unpatched Adobe ColdFusion bug led to double breach of US federal agency

Unpatched Adobe ColdFusion bug led to double breach of US federal agency

Threat actors abused a known Adobe ColdFusion bug to carry out two attacks on a U.S. federal agency’s systems two months after a mandated deadline to mitigate the vulnerability had passed.

The incident was disclosed in a Dec. 5 cybersecurity advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) which did not name the federal civilian executive branch (FCEB) agency involved.

The attacks — carried out by either one or two unknown threat groups — exploited CVE-2023-26360, an improper access control vulnerability that can result in arbitrary code execution.

The bug affects versions of ColdFusion 2018 prior to Update 16 and ColdFusion 2021 prior to Update 6. It also affects two older versions of the web-application development software which are no longer…


Source link

About coldfusion

Check Also

The History and Size of Microsoft | ColdFusion – MSN

Department of Energy To Revisit Cold Fusion – Space Daily

[unable to retrieve full-text content]Department of Energy To Revisit Cold Fusion  Space Daily Source link

Leave a Reply

Your email address will not be published. Required fields are marked *