CISA Issues Urgent Warning: Adobe ColdFusion Vulnerability Exploited in the Wild

Adobe ColdFusion Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on March 15 added a security vulnerability impacting Adobe ColdFusion to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The critical flaw in question is CVE-2023-26360 (CVSS score: 8.6), which could be exploited by a threat actor to achieve arbitrary code execution.

“Adobe ColdFusion contains an improper access control vulnerability that allows for remote code execution,” CISA said.

The vulnerability impacts ColdFusion 2018 (Update 15 and earlier versions) and ColdFusion 2021 (Update 5 and earlier versions). It has been addressed in versions Update 16 and Update 6, respectively, released on March 14, 2023.

It’s worth noting that CVE-2023-26360 also affects ColdFusion 2016 and ColdFusion 11 installations, but are no longer supported by the software company as they have reached end-of-life (EoL).

While the exact details surrounding the nature of the attacks are unknown, Adobe said in an advisory that it’s aware of the flaw being “exploited in the wild in very limited attacks.”

Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.

RESERVE YOUR SEAT

Federal Civilian Executive Branch (FCEB) agencies are required to apply the updates by April 5, 2022, to safeguard their networks against potential threats.

Charlie Arehart, a security researcher credited with discovering and reporting the flaw alongside Pete Freitag, described it as a “grave” issue that could result in “arbitrary code execution” and “arbitrary file system read.”



Original Source


 


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

join
Telegram
discord
Discord
reddit
Reddit
linkedin
LinkedIn