Coldfusion

Threat actors abused a known Adobe ColdFusion bug to carry out two attacks on a U.S. federal agency’s systems two months after a mandated deadline to mitigate the vulnerability had passed. The incident was disclosed in a Dec. 5 cybersecurity advisory published by the Cybersecurity and Infrastructure Security Agency (CISA) which did not name the federal civilian executive branch (FCEB) agency involved. The attacks — carried out by either one or two unknown threat groups — exploited CVE-2023-26360, an improper access control vulnerability that can result in arbitrary code execution. The bug affects versions of ColdFusion 2018 prior to Update 16 and ColdFusion 2021 prior to Update 6. It also affects two older versions of the web-application development software which are no longer… Source link

Dec 06, 2023NewsroomVulnerability / Web Server Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers. “The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution,” CISA said, adding an unnamed federal agency was targeted between June and July 2023. The shortcoming affects ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). It has been addressed in versions Update 16 and Update 6, respectively, released on March 14, 2023. It was added by CISA to the Known… Source link

In a new advisory that shows why it’s critical to keep Adobe ColdFusion deployments up to date, the US Cybersecurity and Infrastructure Security Agency (CISA) warns that two federal agencies were breached by attackers in June through an unpatched vulnerability in the application server software. The attackers used their access to deploy web shells and collect information that would enable lateral movement in the environments. The breached ColdFusion instances were outdated in both cases as the exploited vulnerability had a fix available since March. “Analysis suggests that the malicious activity conducted by the threat actors was a reconnaissance effort to map the broader network,” CISA said in its advisory without attributing the attacks to any known group. “No… Source link

[unable to retrieve full-text content]Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw  Security Affairs Source link

[unable to retrieve full-text content]ColdFusion Exploit Used to Access Federal Agency  Duo Security Source link

[unable to retrieve full-text content]Federal agency breached through Adobe ColdFusion vulnerability  The Record from Recorded Future News Source link

[unable to retrieve full-text content]CISA details twin attacks on federal servers via unpatched ColdFusion flaw  The Register Source link

[unable to retrieve full-text content]Critical Vulnerability in Adobe ColdFusion Exploited by Hackers …  CityLife Source link

[unable to retrieve full-text content]Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial …  CISA Source link

Unknown attackers exploited a known access control vulnerability in two Adobe ColdFusion application servers at a federal government agency in June, gaining access to the environment, uploading a webshell, and adding malicious code to the servers. There were two separate incidents at the unnamed agency in June, and according to a new advisory from the Cybersecurity and Infrastructure Security Agency the attacks may be the work of one group or two separate groups. The intrusions appeared to be focused on reconnaissance and mapping out the network infrastructure, and CISA said there is no evidence that data was exfiltrated during the intrusions. In both instances, the attackers exploited CVE-2023-26360 in ColdFusion, a bug that Adobe released a fix for in March. “In both… Source link