CISA Identifies Critical Vulnerability in Adobe ColdFusion
CISA issues urgent warning to federal agencies to patch ColdFusion servers
Following the discovery of a critical vulnerability in Adobe ColdFusion, the Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning. The flaw, tracked as CVE-2023-26360, can be exploited remotely and requires no user interaction. Adobe has released security updates to address it; before the patch, the flaw was being actively exploited in the wild as a zero-day. ColdFusion 2016 and ColdFusion 11 installations are also affected, but Adobe no longer provides security updates for these versions. Because the risk of exploitation is significant, administrators are advised to update their systems within 72 hours.
To underline the urgency, CISA has given all U.S. Federal Civilian Executive Branch (FCEB) agencies three weeks to secure their systems against potential attacks. The order applies only to federal agencies, but all organizations are strongly urged to patch. The consequences of exploitation can be severe, and malicious cyber actors routinely take advantage of vulnerabilities like this one.
Adobe releases security updates to fix ColdFusion vulnerabilities
In a separate blog post, Adobe announced the ColdFusion 2021 and 2018 March 2023 Security Updates, but did not mention that the patched vulnerabilities had also been exploited in the wild. Security researcher Charlie Arehart warned administrators of the importance of these updates and the need to apply them urgently. Arehart reported that he had personally seen both the ‘arbitrary code execution’ and ‘arbitrary file system read’ vulnerabilities exploited on multiple servers.
ColdFusion admin warns of the seriousness of recent security update
The implications of CVE-2023-26360 are significant, and administrators must act fast to secure their systems. With CISA and security experts warning of the grave risks posed by this flaw, the threat is clearly real and immediate. By installing the security updates and following Adobe's recommended security configuration settings, administrators can protect their systems from exploitation.
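The article sets two clocks (72 hours for administrators, three weeks for FCEB agencies) and names two release lines that receive no fix at all (ColdFusion 2016 and 11). The script below is an added example, not code from the article, Adobe or CISA: it turns an inventory of ColdFusion version strings into a patch-status report against those deadlines. The patched update numbers are placeholders because the article does not state them; the host list and release date are constructed sample data.

```python
"""Fleet triage for the CVE-2023-26360 deadlines described in the article.

Added example, not code from the article, Adobe or CISA. The patched update
numbers below are PLACEHOLDERS (the article does not give them); take the
real values from Adobe's ColdFusion security bulletin for this CVE.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# PLACEHOLDER thresholds: first update level that contains the fix, per release line.
PATCHED_UPDATE = {"2021": 99, "2018": 99}

# Release lines the article says Adobe no longer patches: no update level makes them safe.
END_OF_LIFE = {"2016", "11"}

# Accepts forms such as "2021 Update 5", "2018u16", "ColdFusion 2016", "11".
VERSION_RE = re.compile(
    r"^(?:coldfusion\s*)?(?P<major>2021|2018|2016|11)"
    r"(?:\s*(?:update|u)\s*(?P<update>\d+))?$",
    re.IGNORECASE,
)

ACTION = {
    "patched": "none",
    "vulnerable": "apply the March 2023 security update",
    "unsupported": "migrate to a supported ColdFusion release",
    "unknown": "verify the installed version manually",
}


@dataclass
class Host:
    name: str
    version: str  # version string as shown in the server's administrator console


def classify(version: str) -> str:
    """Return patched / vulnerable / unsupported / unknown for one version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"
    major = m.group("major")
    if major in END_OF_LIFE:
        return "unsupported"
    # A missing update number is treated as update 0, i.e. conservatively vulnerable.
    update = int(m.group("update") or 0)
    return "patched" if update >= PATCHED_UPDATE[major] else "vulnerable"


def deadlines(release: datetime) -> dict:
    """The two clocks the article cites: 72 hours for admins, three weeks for FCEB agencies."""
    return {"admin_72h": release + timedelta(hours=72),
            "fceb_3w": release + timedelta(weeks=3)}


def triage(hosts, release: datetime, now: datetime) -> list:
    """One row per host: status, recommended action, and which deadlines have lapsed."""
    dl = deadlines(release)
    rows = []
    for h in hosts:
        status = classify(h.version)
        open_item = status != "patched"  # unknown hosts are kept on the work list too
        rows.append({
            "host": h.name,
            "status": status,
            "action": ACTION[status],
            "past_72h": open_item and now > dl["admin_72h"],
            "past_fceb": open_item and now > dl["fceb_3w"],
        })
    return rows


# Constructed sample inventory (not real hosts) and a constructed release date.
SAMPLE_HOSTS = [
    Host("cf-prod-01", "2021 Update 5"),
    Host("cf-prod-02", "2018u99"),
    Host("cf-legacy", "ColdFusion 2016"),
    Host("cf-mystery", "n/a"),
]
SAMPLE_RELEASE = datetime(2023, 3, 1)
SAMPLE_NOW_EARLY = SAMPLE_RELEASE + timedelta(days=4)   # inside the three-week window
SAMPLE_NOW_LATE = SAMPLE_RELEASE + timedelta(days=22)   # both deadlines lapsed

if __name__ == "__main__":
    for row in triage(SAMPLE_HOSTS, SAMPLE_RELEASE, SAMPLE_NOW_EARLY):
        print(row)
```

A host whose version string cannot be parsed is deliberately kept on the action list rather than silently dropped, and an end-of-life release is never reported as patched regardless of its update number, which mirrors the article's point that ColdFusion 2016 and 11 have no fix to apply.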
Source: bleepingcomputer.com