Unknown attackers are currently targeting a “critical” vulnerability in Adobe ColdFusion. If attacks are successful, malicious code lands on systems.
The Cybersecurity Infrastructure Security Agency (CISA) warns of the attacks. The agency has added the vulnerability (CVE-2023-26359) to its catalog of known exploited vulnerabilities.
Malicious code vulnerability
What attacks look like in detail is not yet clear. If an attack succeeds, an attacker can execute malicious code in the context of the current user. Due to the critical classification, it can be assumed that successfully attacked systems are considered completely compromised.
Adobe already closed the vulnerability on patch day in March 2023. Admins should ensure that the versions ColdFusion 2018 Update 16 or ColdFusion 2021 Update 6 are installed against the attacks. All previous releases are vulnerable. According to the developers, all platforms are affected by the gap.
Go to home page
#Patch #Attackers #push #malicious #code #gaps #Adobe #ColdFusion