Hackers breach US govt agencies using Adobe ColdFusion exploit

2023-12-05 17:07

The U.S. Cybersecurity and Infrastructure Security Agency is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers.

The security issue allows executing arbitrary code on servers running Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier.

The first incident was recorded on June 26 and relied on the critical vulnerability to breach a server running Adobe ColdFusion v2016.

The second incident occurred on June 2 when the hackers exploited CVE-2023-26360 on a server running Adobe ColdFusion v2021.

Hackers exploit recent F5 BIG-IP flaws in stealthy attacks.

Hackers use Citrix Bleed flaw in attacks on govt networks worldwide.

News URL

https://www.bleepingcomputer.com/news/security/hackers-breach-us-govt-agencies-using-adobe-coldfusion-exploit/

#adobe #breach #coldfusion #exploit #hacker #US #CVE-2023-26360

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2023-03-23	CVE-2023-26360	Unspecified vulnerability in Adobe Coldfusion 2018/2021 Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. network low complexity adobe	8.6

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Adobe		104	49	860	1691	629	3229

News URL

Related news

Related Vulnerability

Related vendor