A vulnerability within Adobe ColdFusion could result in arbitrary system file reads and writes. Continue reading this Cybersecurity Threat Advisory to learn how to mitigate your risk.
What is the threat?
The vulnerability, tracked as CVE-2024-20767, lies in the ColdFusion admin panel and enables attackers to bypass access control measures and perform arbitrary file reads and writes.
Why is it noteworthy?
There are currently over 200,000 publicly exposed ColdFusion servers, many of them with publicly accessible admin panels. Without any user interaction, attackers can access and modify protected files, which can result in loss of data and of system integrity. The vulnerability also opens the door to further exploitation that could allow an attacker to gain a foothold on the system and pivot to others.
What is the exposure or risk?
The vulnerability affects ColdFusion versions 2023.6, 2021.12, and earlier.
What are the recommendations?
Barracuda recommends the following actions to secure your ColdFusion server:
- Update ColdFusion with the latest security patch.
- Ensure only known IPs or local IPs can access the admin interface.
- Segregate critical assets on the network and restrict access using network segmentation to prevent lateral movement in case of compromise.
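As an added example (not Barracuda's or Adobe's code), the following Python script turns the second recommendation into a detection check: it parses web-server access-log lines and reports requests to the ColdFusion Administrator path from addresses outside a known-IP allowlist. The log lines are constructed, and the /CFIDE/administrator path prefix and the allowlisted ranges are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample access-log lines in Common Log Format. The addresses and the
# /CFIDE/administrator path are assumptions for illustration, not data from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Dec/2024:09:12:01 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 4120
203.0.113.77 - - [17/Dec/2024:09:12:09 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 4120
198.51.100.23 - - [17/Dec/2024:09:13:44 +0000] "GET /index.cfm HTTP/1.1" 200 812
192.168.1.20 - - [17/Dec/2024:09:15:02 +0000] "POST /cfide/administrator/settings/mappings.cfm HTTP/1.1" 302 0
"""

# Path prefix of the ColdFusion Administrator (assumed default location); compared case-insensitively.
ADMIN_PREFIX = "/cfide/administrator"
# Address ranges expected to reach the admin interface (assumed internal ranges).
KNOWN_CIDRS = ["10.0.0.0/8", "192.168.0.0/16"]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def is_known(ip: str, networks) -> bool:
    """True if ip lies in one of the allowlisted networks; unparsable values are never trusted."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in networks)

def find_unexpected_admin_access(log_text: str, known_cidrs=KNOWN_CIDRS) -> list:
    """Return one dict per admin-interface request whose client IP is outside the allowlist."""
    networks = [ipaddress.ip_network(c) for c in known_cidrs]
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines not in the expected log format
        path = m.group("path").split("?", 1)[0].lower()  # drop query string, normalise case
        if not path.startswith(ADMIN_PREFIX):
            continue  # not an admin-interface request
        if is_known(m.group("ip"), networks):
            continue  # expected source, nothing to report
        findings.append({"ip": m.group("ip"), "time": m.group("ts"), "method": m.group("method"),
                         "path": m.group("path"), "status": int(m.group("status"))})
    return findings

if __name__ == "__main__":
    for f in find_unexpected_admin_access(SAMPLE_LOG):
        print(f"admin interface reached from unexpected address {f['ip']}: {f['method']} {f['path']} -> {f['status']}")
```

On the constructed sample this reports only the request from 203.0.113.77; the two internal addresses and the non-admin request are ignored.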
References:
For more in-depth information about the recommendations, please visit the following links:
- https://www.bleepingcomputer.com/news/security/windows-kernel-bug-now-exploited-in-attacks-to-gain-system-privileges/
- https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
- https://blog.securelayer7.net/coldfusion-path-traversal-and-weblogic-unauthenticated-rce-remediation/
- https://en.fofa.info/result?qbase64=YXBwPSJBZG9iZS1Db2xkRnVzaW9uIg%3D%3D
- https://www.cisa.gov/news-events/alerts/2024/12/16/cisa-adds-two-known-exploited-vulnerabilities-catalog
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.