Critical Adobe ColdFusion Vulnerability (CVE-2023-26360) Exploited as a Zero-day

Dark Lab on Mar 17 2023
On 15 March 2023, CISA added a critical Adobe ColdFusion improper access control vulnerability (CVE-2023-26360) to its Known Exploited Vulnerabilities Catalog because the vulnerability is being actively exploited in the wild by malicious actors. The vulnerability affects Adobe ColdFusion’s web application development platform and enables an unauthenticated attacker to achieve remote code execution on potentially vulnerable hosts.

At the time of writing, no technical details of the vulnerability have been disclosed. Although there is no information on the attackers known to exploit it, CISA noted that it has observed the vulnerability being exploited in the wild in very limited attacks.

Given the active exploitation, we urge impacted users to apply the latest patch as soon as possible. Because exploitation of CVE-2023-26360 can achieve remote code execution (RCE), we posit that opportunistic cybercriminals will quickly aim to weaponise it, particularly once a proof-of-concept (PoC) is released.

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html