IBM Aspera Faspex Vulnerability Actively Exploited by Ransomware Groups (CVE-2022-47986)
Dark Lab on Mar 31 2023
Share:
We observe multiple ransomware actors actively exploiting the IBM Aspera Faspex RCE vulnerability (CVE-2022-47986). The critical vulnerability has been persistently exploited by the Ransomware-as-a-Service (RaaS) operators IceFire and Buhti since early February 2023.
The vendor has released a patch to address multiple vulnerabilities including CVE-2022-47986. No further workarounds are available.
https://www.ibm.com/support/pages/node/6952319
https://blog.assetnote.io/2023/02/02/pre-auth-rce-aspera-faspex/
https://twitter.com/raphaelmendonca/status/1626288868898004993
https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/
The vendor has released a patch to address multiple vulnerabilities including CVE-2022-47986. No further workarounds are available.
https://www.ibm.com/support/pages/node/6952319
https://blog.assetnote.io/2023/02/02/pre-auth-rce-aspera-faspex/
https://twitter.com/raphaelmendonca/status/1626288868898004993
https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/