Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw

Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw

An unidentified threat actor or threat actors gained access to two public facing Web servers at a US federal government agency earlier this year by exploiting a critical but previously patched vulnerability in Adobe ColdFusion.

The intrusions appear to have been part of a reconnaissance attempt by the attackers to map out the agency’s broader network, but there’s no evidence of data exfiltration or lateral movement on the compromised network, the US Cybersecurity and Infrastructure Security Agency (CISA) said this week.

Two Intrusions

In an advisory, the agency described the attacks as taking place in June and July and involving CVE-2023-26360, an improper access control vulnerability that enables remote code execution on affected systems. The vulnerability affects multiple ColdFusion…


Source link

About coldfusion

Check Also

The History and Size of Microsoft | ColdFusion – MSN

Department of Energy To Revisit Cold Fusion – Space Daily

[unable to retrieve full-text content]Department of Energy To Revisit Cold Fusion  Space Daily Source link

Leave a Reply

Your email address will not be published. Required fields are marked *