Adobe ColdFusion is a commercial rapid web-application development computing platform created in 1995. ColdFusion was originally designed to make it easier to connect simple HTML pages to a database.
It’s an application server and a platform for building and deploying web and mobile applications. ColdFusion is a rapid scripting environment for creating dynamic internet applications using ColdFusion Markup Language (CFML) and is most often used for data-driven websites or intranets.
Hackers are actively exploiting a critical security bug in Adobe ColdFusion to gain initial access to government servers, compromising the security of government agencies. The security bug in Adobe ColdFusion was exploited as a zero-day before the software maker fixed it in mid-March.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial access to government servers.
"The vulnerability in ColdFusion (CVE-2023-26360) presents as an improper access control issue and exploitation of this CVE can result in arbitrary code execution," CISA said, adding an unnamed federal agency was targeted between June and July 2023.
There is evidence to suggest that the malicious activity is a reconnaissance effort carried out to map the broader network, although no lateral movement or data exfiltration has been observed.
In one of the incidents, the adversary was observed traversing the filesystem and uploading various artifacts to the web server, including binaries that are capable of exporting web browser cookies as well as malware designed to decrypt passwords for ColdFusion data sources.
The agency notes that "both servers were running outdated versions of software which are vulnerable to various CVEs." CISA says that the threat actors leveraged the vulnerability to drop malware using HTTP POST commands to the directory path associated with ColdFusion.
In short, this vulnerability allows attackers to gain initial access to government servers and execute arbitrary code.
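The article reports that the malware was dropped with HTTP POST requests to the directory path associated with ColdFusion. One way a defender can hunt for that pattern in web-server access logs is shown below. This is an added example, not code from the article or from CISA; the log lines are constructed, and the ColdFusion directory prefixes (/CFIDE/ and /cfusion/) are assumptions that should be tuned to the actual deployment.

```python
import re
from collections import Counter

# Constructed sample lines in Apache combined log format. They are illustrative
# only and are not taken from the incident described in the article.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jun/2023:10:01:02 +0000] "GET /index.cfm HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jun/2023:10:01:09 +0000] "POST /CFIDE/administrator/index.cfm HTTP/1.1" 200 812 "-" "python-requests/2.28"
198.51.100.7 - - [12/Jun/2023:10:02:15 +0000] "POST /cfusion/upload.cfm HTTP/1.1" 200 330 "-" "curl/7.88.1"
192.0.2.9 - - [12/Jun/2023:10:03:00 +0000] "POST /app/login.cfm HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jun/2023:10:04:44 +0000] "POST /CFIDE/scripts/ajax/x.cfm HTTP/1.1" 404 221 "-" "python-requests/2.28"
"""

# Apache combined log format: client, ident, user, timestamp, request line,
# status, response size, referer, user agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed ColdFusion-associated directory prefixes (compared case-insensitively).
# Adjust these to the paths ColdFusion actually serves in your environment.
CF_PATH_PREFIXES = ("/cfide/", "/cfusion/")


def parse_line(line):
    """Return a dict of log fields, or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious(entry):
    """Flag POST requests whose path lies under a ColdFusion-associated directory."""
    path = entry["path"].lower()
    return entry["method"] == "POST" and path.startswith(CF_PATH_PREFIXES)


def scan(log_text):
    """Scan raw log text and return the parsed entries that match the hunt rule."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            flagged.append(entry)
    return flagged


def sources(flagged):
    """Count flagged requests per client address to surface the noisiest sources."""
    return Counter(e["ip"] for e in flagged)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for e in hits:
        print(f'{e["ts"]} {e["ip"]} POST {e["path"]} -> {e["status"]} ({e["ua"]})')
    print("flagged requests by source:", dict(sources(hits)))
```

On the constructed sample the rule flags the three POSTs into /CFIDE/ and /cfusion/ and ignores the ordinary login POST under /app/. A hit is a starting point for triage, not proof of compromise: legitimate administrators also POST to the ColdFusion administrator pages, so the next steps are to check whether the source address is expected, what files appeared in the web root around the same time, and whether the server is still on a version older than the March fix.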