US cybercops urge admins to patch amid ongoing Confluence chaos
2023-10-17 13:02

US authorities have issued an urgent plea to network admins to patch the critical vulnerability in Atlassian Confluence Data Center and Server amid ongoing nation-state exploitation.

"Due to the ease of exploitation, CISA, FBI, and MS-ISAC expect to see widespread exploitation of unpatched Confluence instances in government and private networks."

"Organizations are encouraged to review all affected Confluence instances for evidence of compromise, as outlined by Atlassian," the advisory reads.

The Register asked Atlassian how many Confluence instances remain unpatched, but it did not answer specific questions on the matter.

GreyNoise's data on attempted exploits of CVE-2023-22515 indicates that the number of unique IPs trying to exploit the vulnerability is low, but the numbers are consistent with the known IPs disclosed by Microsoft.

"While there are immediate concerns such as increased risk of exploitation and the potential integration into malware toolkits, the availability of a proof-of-concept presents an array of security and operational challenges that extend beyond these immediate issues. Immediate action is strongly advised to address the potential risks associated with this development," said CISA, FBI, and MS-ISAC. As of October 10, Microsoft was aware of four IPs sending exploit traffic and the FBI's investigation revealed a further five.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/17/confluence_zero_day_advisory/

Related Vulnerability

Date: 2023-10-04
CVE: CVE-2023-22515
Vulnerability title: Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server
Summary: Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
Attributes: network, low complexity, atlassian
Risk: critical, 9.8