Security News > 2023 > November > Critical Atlassian Confluence bug exploited in Cerber ransomware attacks

Critical Atlassian Confluence bug exploited in Cerber ransomware attacks
2023-11-06 17:39

Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware.

Described by Atlassian as an improper authorization vulnerability and tracked as CVE-2023-22518, this bug received a 9.1/10 severity rating, and it affects all versions of Confluence Data Center and Confluence Server software.

Cybersecurity company Rapid7 also observed attacks against Internet-exposed Atlassian Confluence servers with exploits targeting the CVE-2023-22518 auth bypass and an older critical privilege escalation previously exploited as a zero-day.

"In multiple attack chains, Rapid7 observed post-exploitation command execution to download a malicious payload hosted at 193.43.72[.]11 and/or 193.176.179[.]41, which, if successful, led to single-system Cerber ransomware deployment on the exploited Confluence server."

CISA, the FBI, and the Multi-State Information Sharing and Analysis Center issued a joint advisory last month, urging network administrators to immediately secure Atlassian Confluence servers against the actively exploited CVE-2023-22515 privilege escalation bug, which has been under active exploitation since at least September 14, according to a Microsoft report.

Cerber ransomware was also deployed in attacks targeting Atlassian Confluence servers two years ago using a remote code execution vulnerability, a bug previously exploited to install crypto-miners.


News URL

https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-bug-exploited-in-cerber-ransomware-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-31 CVE-2023-22518 Incorrect Authorization vulnerability in Atlassian Confluence Data Center
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability.
network
low complexity
atlassian CWE-863
critical
9.8
2023-10-04 CVE-2023-22515 Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.
network
low complexity
atlassian
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 56 275 59 36 426