One or more unidentified threat actors gained access to two public-facing web servers at a US federal government agency earlier this year by exploiting a critical but previously patched vulnerability in Adobe ColdFusion.
The intrusions appear to have been part of a reconnaissance attempt by the attackers to map out the agency’s broader network, but there’s no evidence of data exfiltration or lateral movement on the compromised network, the US Cybersecurity and Infrastructure Security Agency (CISA) said this week.
Two Intrusions
In an advisory, CISA described the attacks as taking place in June and July and involving CVE-2023-26360, an improper access control vulnerability that enables remote code execution on affected systems. The vulnerability affects multiple ColdFusion…