Both servers were running outdated versions of software which are vulnerable to various CVEs. In both incidents, Microsoft Defender for Endpoint (MDE) alerted of the potential exploitation of an Adobe ColdFusion vulnerability on public-facing web servers in the agency’s pre-production environment. In June 2023, through the exploitation of CVE-2023-26360, threat actors were able to establish an initial foothold on two agency systems in two separate instances. ColdFusion uses a proprietary language, ColdFusion Markup Language (CFML), for development but the application itself is built using JAVA. ColdFusion supports proprietary markup languages for building web applications and integrates external components like databases and other third-party libraries. OverviewĪdobe ColdFusion is a commercial application server used for rapid web-application development. See the MITRE ATT&CK Tactics and Techniques section for tables mapped to the threat actors’ activity. Note: This advisory uses the MITRE ATT&CK ® for Enterprise framework, version 14. This CSA provides network defenders with tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and methods to detect and protect against similar exploitation. Following the FCEB agency’s investigation, analysis of network logs confirmed the compromise of at least two public-facing servers within the environment between June and July 2023. Exploitation of this CVE can result in arbitrary code execution. CVE-2023-26360 also affects ColdFusion 2016 and ColdFusion 11 installations however, they are no longer supported since they reached end of life. This vulnerability presents as an improper access control issue impacting Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier). The Cybersecurity and Infrastructure Security Agency (CISA) is releasing a Cybersecurity Advisory (CSA) in response to confirmed exploitation of CVE-2023-26360 by unidentified threat actors at a Federal Civilian Executive Branch (FCEB) agency.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |