Hackers breach US govt agencies using Adobe ColdFusion exploit
2023-12-05 17:07

The U.S. Cybersecurity and Infrastructure Security Agency is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers.

The security issue allows executing arbitrary code on servers running Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier.

The first incident was recorded on June 26 and relied on the critical vulnerability to breach a server running Adobe ColdFusion v2016.

The second incident occurred on June 2 when the hackers exploited CVE-2023-26360 on a server running Adobe ColdFusion v2021.


News URL

https://www.bleepingcomputer.com/news/security/hackers-breach-us-govt-agencies-using-adobe-coldfusion-exploit/

Related Vulnerability

Date: 2023-03-23
CVE: CVE-2023-26360
Vulnerability title: Improper Access Control vulnerability in Adobe ColdFusion 2018/2021
Description: Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user.
Risk: 8.6 (network, low complexity)
Vendor: adobe
CWE: CWE-284

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 164 60 1919 820 2135 4934