Security News

Attackers are exploiting two Adobe ColdFusion vulnerabilities to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. CVE-2023-29298, a critical improper access control flaw that could allow attackers to bypass a security feature CVE-2023-29300, a deserialization of untrusted data that could be exploited for arbitrary code execution CVE-2023-29301, another security feature bypass vulnerability.

Hackers are actively exploiting two ColdFusion vulnerabilities to bypass authentication and remotely execute commands to install webshells on vulnerable servers. The active exploitation was seen by researchers at Rapid7, which says threat actors are chaining together exploits for an access control bypass vulnerability and what appears to be CVE-2023-38203, a critical remote code execution vulnerability.

Adobe warns that a critical ColdFusion pre-authentication remote code execution vulnerability tracked as CVE-2023-29300 is actively exploited in attacks.CVE-2023-29300 is rated as critical with a 9.8 severity rating, as it can be used by unauthenticated visitors to remotely execute commands on vulnerable Coldfusion 2018, 2021, and 2023 servers in low-complexity attacks.