The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent call to federal agencies to secure Adobe ColdFusion servers within their networks. The appeal addresses two critical vulnerabilities currently being exploited, one of them a zero-day.
Binding operational directive at play
Federal Civilian Executive Branch (FCEB) agencies are bound by Binding Operational Directive 22-01 (BOD 22-01), which CISA introduced in November 2021. It requires agencies to patch their systems against every vulnerability listed in the Known Exploited Vulnerabilities (KEV) catalog. The latest additions require U.S. FCEB agencies to fix two specific bugs (CVE-2023-29298 and CVE-2023-38205) by August 10th.
Private sector urged to respond
Although the KEV catalog formally applies only to federal entities, private firms are strongly advised to prioritize and promptly remediate these two vulnerabilities as well. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA remarked.
The ColdFusion conundrum
On July 11th, Adobe patched an access control bypass (CVE-2023-29298) and a pre-authentication remote code execution vulnerability (CVE-2023-29300). An initial report that CVE-2023-29300 was being exploited in the wild turned out to be erroneous and was later withdrawn.
Rapid7 subsequently reported observing attackers exploiting CVE-2023-29298 together with what appeared to be CVE-2023-29300/CVE-2023-38203 to install web shells on vulnerable ColdFusion servers, thereby gaining initial access to the compromised hosts.
Patch bypass detected
Then, on July 17th, Rapid7 detected a bypass for the CVE-2023-29298 patch (now tracked as CVE-2023-38205) that was already being exploited in attacks. Adobe rolled out security updates on July 19th to address this new zero-day, warning that CVE-2023-38205 was being leveraged in limited attacks targeting Adobe ColdFusion.
Separately, CISA issued another directive this week ordering federal agencies to secure Citrix servers vulnerable to the CVE-2023-3519 remote code execution (RCE) bug by August 9th. Security researchers at the Shadowserver Foundation reported that nearly 11,170 exposed Citrix NetScaler appliances are potentially vulnerable to attacks exploiting this flaw.
As we navigate this complex security landscape, what’s your take on this situation? How can organizations better protect themselves against such vulnerabilities? We welcome your insights in the comments section below.