Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data vulnerability that could lead to arbitrary code execution. Adobe disclosed and fixed the flaw in mid-March 2023, and said that it was “aware that CVE-2023-26360 has been exploited in the wild in very limited attacks”. CVE-2023-26360 affected Adobe ColdFusion versions 2021, 2018, 2016 and 11, but Adobe provided patches only for the former two, as ColdFusion 2016 and 11 had previously reached the end of their (product) lifecycle. CISA added the… Source link

Threat actors abused a known Adobe ColdFusion bug to carry out two attacks on a U.S. federal agency’s systems two months after a mandated deadline to mitigate the vulnerability had passed. The incident was disclosed in a Dec. 5 cybersecurity advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) which did not name the federal civilian executive branch (FCEB) agency involved. The attacks — carried out by either one or two unknown threat groups — exploited CVE-2023-26360, an improper access control vulnerability that can result in arbitrary code execution. The bug affects versions of ColdFusion 2018 prior to Update 16 and ColdFusion 2021 prior to Update 6. It also affects two older versions of the web-application development software which are no longer… Source link

An unidentified threat actor or threat actors gained access to two public facing Web servers at a US federal government agency earlier this year by exploiting a critical but previously patched vulnerability in Adobe ColdFusion. The intrusions appear to have been part of a reconnaissance attempt by the attackers to map out the agency’s broader network, but there’s no evidence of data exfiltration or lateral movement on the compromised network, the US Cybersecurity and Infrastructure Security Agency (CISA) said this week. Two Intrusions In an advisory, the agency described the attacks as taking place in June and July and involving CVE-2023-26360, an improper access control vulnerability that enables remote code execution on affected systems. The vulnerability affects multiple ColdFusion… Source link

In a new advisory that shows why it’s critical to keep Adobe ColdFusion deployments up to date, the US Cybersecurity and Infrastructure Security Agency (CISA) warns that two federal agencies were breached by attackers in June through an unpatched vulnerability in the application server software. The attackers used their access to deploy web shells and collect information that would enable lateral movement in the environments. The breached ColdFusion instances were outdated in both cases as the exploited vulnerability had a fix available since March. “Analysis suggests that the malicious activity conducted by the threat actors was a reconnaissance effort to map the broader network,” CISA said in its advisory without attributing the attacks to any known group. “No… Source link

[unable to retrieve full-text content]Adobe ColdFusion Vulnerability Exploited in Attacks on US Government Agency  SecurityWeek Source link

[unable to retrieve full-text content]Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw  Security Affairs Source link

[unable to retrieve full-text content]ColdFusion Exploit Used to Access Federal Agency  Duo Security Source link

[unable to retrieve full-text content]Federal agency breached through Adobe ColdFusion vulnerability  The Record from Recorded Future News Source link

[unable to retrieve full-text content]CISA details twin attacks on federal servers via unpatched ColdFusion flaw  The Register Source link

[unable to retrieve full-text content]Critical Vulnerability in Adobe ColdFusion Exploited by Hackers …  CityLife Source link