
Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)
2023-07-18 14:06

Attackers are exploiting two Adobe ColdFusion vulnerabilities to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers.

CVE-2023-29298, a critical improper access control flaw that could allow attackers to bypass a security feature;
CVE-2023-29300, a deserialization of untrusted data flaw that could be exploited for arbitrary code execution;
CVE-2023-29301, another security feature bypass vulnerability.

At the time, there was no indication that any of them were being exploited in the wild.

"It's highly likely that Project Discovery thought they were publishing an n-day exploit for CVE-2023-29300. In actuality, what Project Discovery had detailed was a new zero-day exploit chain that Adobe fixed in an out-of-band update on July 14."

To make matters worse, Rapid7 discovered on Monday that the fix for CVE-2023-29298 is also incomplete, and that a "trivially modified exploit" still works against the latest version of ColdFusion.

"There is currently no mitigation for CVE-2023-29298, but the exploit chain Rapid7 is observing in the wild relies on a secondary vulnerability for full execution on target systems. Therefore, updating to the latest available version of ColdFusion that fixes CVE-2023-38203 should still prevent the attacker behavior our MDR team is observing," Condon concluded, and shared IoCs and details about the attackers' behavior.

News URL

https://www.helpnetsecurity.com/2023/07/18/cve-2023-29298-cve-2023-38203/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | SEVERITY | CVSS |
|---|---|---|---|---|---|---|---|---|---|
| 2023-07-20 | CVE-2023-38203 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023 | Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | network | low | adobe | CWE-502 | critical | 9.8 |
| 2023-07-12 | CVE-2023-29301 | Improper Restriction of Excessive Authentication Attempts vulnerability in Adobe Coldfusion 2018/2021 | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. | network | low | adobe | CWE-307 | | 7.5 |
| 2023-07-12 | CVE-2023-29300 | Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023 | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. | network | low | adobe | CWE-502 | critical | 9.8 |
| 2023-07-12 | CVE-2023-29298 | Unspecified vulnerability in Adobe Coldfusion 2018/2021 | Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | network | low | adobe | | | 7.5 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 166 68 2164 962 2112 5306