The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a cybersecurity advisory (CSA) concerning a severe threat targeting government agencies. A critical vulnerability in Adobe ColdFusion is being actively exploited by unidentified threat actors, resulting in breaches within federal agencies. Although CISA hasn’t disclosed the agencies affected, the severity of this vulnerability demands immediate attention.
The vulnerability in question, CVE-2023-26360, is categorized as an improper access control issue and poses a substantial threat: it enables threat actors to execute arbitrary code on affected systems. Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are susceptible to this exploit. ColdFusion, widely used for rapid web application development, facilitates the creation of web applications and their integration with databases and third-party assets.
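The affected ranges above translate directly into an inventory check. The following script is an added example written for this post, not Nuspire's or Adobe's code: it parses ColdFusion version strings in two textual forms, flags the ones inside the advisory's affected ranges (2018 Update 15 and earlier, 2021 Update 5 and earlier), and runs that over a constructed host inventory. The reading of dotted strings such as `v2021.0.0.2` as "year.0.0.update", the `parse_version`, `is_affected` and `triage_inventory` helpers, and the sample hosts are all assumptions of this example.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple

# Affected ranges exactly as the advisory text states them: ColdFusion 2018
# Update 15 and earlier, and ColdFusion 2021 Update 5 and earlier.
LAST_AFFECTED_UPDATE = {2018: 15, 2021: 5}


class CfVersion(NamedTuple):
    year: int     # product line, e.g. 2018 or 2021
    update: int   # cumulative update number


# Two textual forms are accepted. Reading 'v2021.0.0.2' as year.0.0.update is
# an assumption of this example, not a format the advisory defines.
_WORDS_RE = re.compile(r"(\d{4})\s+update\s+(\d+)", re.IGNORECASE)
_DOTTED_RE = re.compile(r"v?(\d{4})\.\d+\.\d+\.(\d+)")


def parse_version(text: str) -> Optional[CfVersion]:
    """Extract (year, update) from a ColdFusion version string; None if unparseable."""
    m = _WORDS_RE.search(text) or _DOTTED_RE.search(text)
    if not m:
        return None
    return CfVersion(int(m.group(1)), int(m.group(2)))


def is_affected(version: CfVersion) -> bool:
    """True if the version falls inside an affected range named in the advisory.

    Product lines older than 2018 get no fixed update in the advisory (the post
    notes a v2016 server among the exploited hosts), so they are treated as
    affected. Lines newer than 2021 are not listed and return False.
    """
    if version.year < 2018:
        return True
    last_bad = LAST_AFFECTED_UPDATE.get(version.year)
    if last_bad is None:
        return False
    return version.update <= last_bad


def triage_inventory(lines: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split 'host,version' inventory lines into (affected hosts, unparseable lines)."""
    affected, unparsed = [], []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, raw = line.partition(",")
        ver = parse_version(raw)
        if ver is None:
            unparsed.append(line)      # surface, never silently skip, unknown builds
        elif is_affected(ver):
            affected.append(host.strip())
    return affected, unparsed


# Constructed sample inventory (hypothetical hosts, not real systems).
SAMPLE_INVENTORY = [
    "# host,version",
    "cf-app-01,ColdFusion 2021 Update 5",
    "cf-app-02,ColdFusion 2021 Update 6",
    "cf-legacy-01,v2018.0.0.15",
    "cf-legacy-02,v2016.0.0.3",
    "cf-app-03,ColdFusion 2018 Update 16",
    "cf-unknown,build-unknown",
]

if __name__ == "__main__":
    hits, bad = triage_inventory(SAMPLE_INVENTORY)
    print("affected:", hits)
    print("could not parse:", bad)
```

Unparseable entries are returned separately rather than dropped, because a host whose version cannot be determined needs a manual look before it can be cleared.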
The timeline of attacks is concerning. On June 26, 2023, threat actors exploited the vulnerability in Adobe ColdFusion v2016.0.0.3, marking the inception of the breach. Another incident on June 2, 2023, targeted a web server running Adobe ColdFusion v2021.0.0.2. These breaches highlight the urgency for quick action against this exploit.
CISA’s investigation indicated that the affected agencies were running outdated software versions, making them vulnerable to various threats, including CVE-2023-26360. Malware insertion and reconnaissance campaigns were the primary objectives of the threat actors. However, there’s no evidence of data exfiltration or lateral movement within the breached systems. The impacted agencies managed to contain and lock out the attackers within a 24-hour window.
At Nuspire, we prioritize the security of our clients. Our approach includes prompt application of patches per vendor recommendations and proactive threat hunting within client environments.
Mitigating this threat demands swift action and heightened vigilance:
The recent breaches underscore the critical need for organizations to fortify their cybersecurity posture – especially government organizations, which are high-value targets for threat actors. Prompt application of patches and heightened awareness are essential shields against exploits of this nature.