Security News > 2023 > December > CISA details twin attacks on federal servers via unpatched ColdFusion flaw

CISA details twin attacks on federal servers via unpatched ColdFusion flaw
2023-12-05 17:40

CISA has released details about a federal agency that recently had at least two public-facing servers compromised by attackers exploiting a critical Adobe ColdFusion vulnerability.

In a Tuesday advisory, CISA revealed the federal civilian executive branch in question was successfully attacked in June and into July, meaning the vulnerability went unpatched for more than three months after CISA's deadline.

CISA did not respond to questions about whether the agency has now patched the vulnerability, who was behind the attack, or its stance on the missed deadline.

Analysis of logs revealed the two servers identified as compromised were attacked in what appears to be two separate attacks.

It's believed both campaigns were designed as reconnaissance efforts to understand the broader network, although CISA also declined to say if the two attacks were linked to the same operators.

CISA said it's highly likely that the attackers accessed the ColdFusion seed value and encryption method used to encrypt passwords - a method that can also be used to decrypt them.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/05/cisa_coldfusion_government/