Contents:
Adobe released an emergency ColdFusion security update meant to fix critical vulnerabilities, including a new zero-day vulnerability.
Adobe fixed three vulnerabilities as part of their out-of-band update:
- CVE-2023-38204: a critical remote code execution (RCE) vulnerability (9.8 rating);
- CVE-2023-38205: a critical Improper Access Control flaw (7.8 rating);
- CVE-2023-38206: a moderate Improper Access Control flaw (5.3 rating).
Information About the Vulnerabilities
In a security bulletin released by Adobe to inform its customers about the patched vulnerabilities, the company said that the CVE-2023-38205 flaw was abused in limited attacks.
Adobe is aware that CVE-2023-38205 has been exploited in the wild in limited attacks targeting Adobe ColdFusion,
Adobe Security Bulletin (Source)
The CVE-2023-38205 is a patch bypass for the fix for CVE-2023-29298, a ColdFusion authentication bypass discovered on July 11th. On July 13th, Rapid7 noticed attackers deploying webshells on susceptible ColdFusion servers to install exploits for the CVE-2023-29298 and what seemed to be the CVE-2023-29300/CVE-2023-38203 weaknesses to obtain remote access to devices.
Rapid7’s researchers also determined that the fix released by Adobe for the CVE-2023-29298 vulnerability could be bypassed and notified the company that their patch is incomplete.
According to BleepingComputer, Adobe confirmed that the fix for the CVE-2023-29298 is included in APSB23-47 as the CVE-2023-38205 patch.
The versions affected by the vulnerabilities are:
- Adobe ColdFusion 2023 (Update 2 and earlier versions on all platforms);
- Adobe ColdFusion 2021 (Update 8 and earlier versions on all platforms);
- Adobe ColdFusion 2018 (Update 18 and earlier versions on all platforms).
Adobe recommends updating the ColdFusion JDK/JRE LTS version to the latest update release. They also warned them about applying the ColdFusion update with the corresponding JDK update, as otherwise, it will not secure the server.
How Can Heimdal® Helps You Improve Your Patching Practices
Good patching practices are crucial for keeping your business secure. Nowadays, considering the speed at which vulnerabilities appear, and threat actors are exploiting them, manually patching the systems in your organization simply does not cut it anymore. Heimdal®’s fully automated Patch & Asset Management solution keeps you protected and informed at all times about the latest vulnerabilities, whether you are talking about Windows, macOS, Linux, or even third-party and proprietary apps.
Book a demo now and see for yourself the effects a fully customizable, automated patch management solution has on the security of your business.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.