Hackers Exploit Critical ColdFusion Vulnerabilities, Installing Webshells on Vulnerable Servers
A recent report from Rapid7 researchers reveals that attackers are actively exploiting two critical vulnerabilities in ColdFusion, Adobe's web application development platform. Chained together, these vulnerabilities let threat actors bypass authentication and execute commands remotely, which they are using to install webshells on vulnerable servers.
Bypassing controls
The first vulnerability, tracked as CVE-2023-29298, is an access control bypass vulnerability that was disclosed by Adobe on July 11th. The second vulnerability, identified as CVE-2023-38203, is a critical remote code execution flaw. Rapid7 researchers have observed threat actors chaining these two exploits together to carry out attacks.
The CVE-2023-29300 vulnerability, which is part of the attack chain, allows unauthenticated visitors to execute commands remotely on vulnerable ColdFusion servers. Despite not being actively exploited at the time of disclosure, a proof-of-concept exploit for CVE-2023-29300 was published in a now-removed blog post by Project Discovery on July 12th.
According to Project Discovery's blog post, the vulnerability stems from insecure deserialization in the WDDX library of Adobe ColdFusion 2021 (Update 6). Exploiting it yields remote code execution through an unsafe use of the Java Reflection API.
Adobe addressed this vulnerability by implementing a deny list for the Web Distributed Data eXchange (WDDX) library, preventing the creation of malicious gadget chains. However, a subsequent out-of-band security update for CVE-2023-38203 was released by Adobe on July 14th, indicating the need for additional fixes.
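To illustrate why a deny list on a reflection-driven deserializer is a fragile control, here is an added example (not ColdFusion's or Adobe's code): a hypothetical, heavily simplified WDDX-style deserializer that maps a `<struct type="...">` element onto a Java class by name. The packet shape, the class names and the list contents are all constructed for the illustration; an allow-list variant is shown beside the deny-list one.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical WDDX-style deserializer (simplified, not ColdFusion's implementation).
// It reads the "type" attribute of a <struct> element and instantiates that class
// via reflection, which is the pattern that makes attacker-chosen types dangerous.
public class WddxStyleDeserializer {
    private static final Pattern TYPE_ATTR = Pattern.compile("<struct\\s+type=\"([^\"]+)\"");

    // Deny-list control: only the named classes are blocked. Every class the list
    // does not mention remains reachable through the same reflective call, so the
    // control only holds until someone finds a usable class that is not listed.
    static final Set<String> DENY_LIST = Set.of("com.example.KnownBadGadget"); // placeholder entry

    static Object deserializeWithDenyList(String wddx) throws ReflectiveOperationException {
        String type = typeOf(wddx);
        if (DENY_LIST.contains(type)) throw new SecurityException("denied type: " + type);
        return Class.forName(type).getDeclaredConstructor().newInstance();
    }

    // Allow-list control: only the types the application actually expects may be
    // constructed; anything else is rejected before any reflection happens.
    static final Set<String> ALLOW_LIST = Set.of("java.util.HashMap", "java.util.ArrayList");

    static Object deserializeWithAllowList(String wddx) throws ReflectiveOperationException {
        String type = typeOf(wddx);
        if (!ALLOW_LIST.contains(type)) throw new SecurityException("unexpected type: " + type);
        return Class.forName(type).getDeclaredConstructor().newInstance();
    }

    // Extracts the declared type from the first typed struct in the packet.
    static String typeOf(String wddx) {
        Matcher m = TYPE_ATTR.matcher(wddx);
        if (!m.find()) throw new IllegalArgumentException("no typed struct found");
        return m.group(1);
    }

    public static void main(String[] args) throws ReflectiveOperationException {
        // Constructed sample packets, not captured traffic.
        String expected   = "<wddxPacket><data><struct type=\"java.util.HashMap\"/></data></wddxPacket>";
        String unexpected = "<wddxPacket><data><struct type=\"java.util.Random\"/></data></wddxPacket>";
        System.out.println(deserializeWithDenyList(expected).getClass());    // accepted by both
        System.out.println(deserializeWithDenyList(unexpected).getClass());  // passes the deny list unchallenged
        try {
            deserializeWithAllowList(unexpected);
        } catch (SecurityException e) {
            System.out.println("allow list: " + e.getMessage());             // rejected before reflection
        }
    }
}
```

The point for defenders is that the deny list leaves the reflective instantiation path open for any type it omits, whereas the allow list closes that path for everything except the handful of types the application needs, which is why a deny-list fix tends to be followed by further updates as additional classes surface.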
Rapid7 researchers have observed attackers chaining exploits for CVE-2023-29298 and a vulnerability similar to the one demonstrated in Project Discovery’s writeup. These exploits enable threat actors to bypass security measures and install webshells on vulnerable ColdFusion servers, granting them remote access.
Update ColdFusion to Prevent Exploit Chains
While there is no comprehensive patch available for CVE-2023-29298, Rapid7 advises that updating ColdFusion to the latest version, which addresses CVE-2023-38203, can prevent the exploit chain. Administrators are strongly urged to upgrade their ColdFusion installations to the latest version to mitigate the risks associated with these vulnerabilities and protect their systems from unauthorized access.
Source: bleepingcomputer.com