
CISA Alert: Ongoing Adobe ColdFusion Vulnerability Exploitation in Government Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of ongoing exploitation of a critical vulnerability in Adobe ColdFusion, tracked as CVE-2023-26360, which is being used to gain initial access to government servers.

The vulnerability permits the execution of arbitrary code on servers running Adobe ColdFusion 2018 Update 15 and older, as well as 2021 Update 5 and earlier. It was exploited as a zero-day until Adobe addressed it in mid-March with the ColdFusion 2018 Update 16 and 2021 Update 6 releases.

Despite the fix, CISA warns that CVE-2023-26360 is still being exploited. Incidents in June affected two federal agency systems, with threat actors leveraging the vulnerability to drop malware via HTTP POST requests to the ColdFusion-associated directory path.

CISA reveals that both incidents involved servers running outdated software versions vulnerable to various CVEs. In the first incident, on June 26, the attackers exploited the critical vulnerability to breach a server running Adobe ColdFusion v2016.0.0.3. They conducted process enumeration and network checks, and installed a web shell (config.jsp) that enabled them to insert code into a ColdFusion configuration file and extract credentials.

Tools the attacker used in the first attack (CISA)

The second incident, on June 2, saw hackers exploiting CVE-2023-26360 on a server running Adobe ColdFusion v2021.0.0.2. The attackers gathered user account information, dropped a text file that decoded to a remote access trojan (d.jsp), and attempted to exfiltrate Registry files and Security Account Manager (SAM) information.

Both attacks were detected and blocked before data exfiltration or lateral movement occurred. CISA categorizes the attacks as reconnaissance efforts, but it remains uncertain if the same threat actor is responsible for both intrusions.

To mitigate the risk, CISA advises upgrading ColdFusion to the latest version, implementing network segmentation, setting up a firewall or WAF, and enforcing signed software execution policies.
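As an added example (not part of the CISA alert or this article), the following Python script applies the indicators described in the two incidents to constructed web server access log lines: it flags HTTP POST requests to ColdFusion-associated paths and any request for the web shell file names named above (config.jsp, d.jsp), and it checks a ColdFusion 2018 or 2021 update level against the fixed releases listed earlier. The log format, the path prefixes and the sample lines are assumptions, not values from the alert.

```python
import re
from collections import namedtuple

# Common/combined access-log layout (assumption; adjust to your server's format)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Web shell / RAT file names reported in the two incidents the article summarizes
KNOWN_WEBSHELL_NAMES = {"config.jsp", "d.jsp"}
# Directory prefixes treated as ColdFusion-associated (placeholder list; tune per deployment)
CF_PATH_PREFIXES = ("/cfide/", "/cf_scripts/")

Finding = namedtuple("Finding", "ip ts method path reason")

def analyze(lines):
    """Return a Finding for every log line matching an indicator from the alert."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of guessing
        path = m["path"].lower()
        name = path.split("?", 1)[0].rsplit("/", 1)[-1]
        reasons = []
        if m["method"].upper() == "POST" and path.startswith(CF_PATH_PREFIXES):
            reasons.append("POST to ColdFusion-associated path")
        if name in KNOWN_WEBSHELL_NAMES:
            reasons.append(f"request for known web shell name {name}")
        if reasons:
            findings.append(Finding(m["ip"], m["ts"], m["method"], m["path"], "; ".join(reasons)))
    return findings

# Fixed update levels per the article: 2018 Update 16 and 2021 Update 6
FIXED_UPDATE = {2018: 16, 2021: 6}

def is_patched(product_year, update):
    """True if this ColdFusion release is at or above the fixed update; None if not covered."""
    if product_year not in FIXED_UPDATE:
        return None  # e.g. 2016: out of the article's scope, treat as unknown
    return update >= FIXED_UPDATE[product_year]

# Constructed sample lines (RFC 5737 test addresses), not data from the incidents
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Jun/2023:10:01:02 +0000] "POST /CFIDE/administrator/index.cfm HTTP/1.1" 200 512',
    '203.0.113.5 - - [26/Jun/2023:10:01:05 +0000] "GET /config.jsp HTTP/1.1" 200 88',
    '198.51.100.7 - - [26/Jun/2023:10:02:00 +0000] "GET /index.cfm HTTP/1.1" 200 2048',
    '203.0.113.9 - - [02/Jun/2023:09:00:00 +0000] "GET /d.jsp HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f.ts} {f.ip} {f.method} {f.path}: {f.reason}")
```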

William Marshal

William has been one of the key contributors to 'The Cybersecurity Times', with 9.5 years of experience in cybersecurity journalism. Apart from writing, he also likes hiking, skating and coding.
