Adobe.ColdFusion.CVE-2023-29298.Authentication.Bypass

Description

This indicates an attack attempt to exploit an Authentication Bypass Vulnerability in Adobe ColdFusion.
This vulnerability is due to improper access control in the vulnerable application. An unauthenticated, remote attacker may be able to exploit this via a crafted request. Successful exploitation could lead to arbitrary code execution within the security context of the affected system.

Outbreak Alert

FortiGuard Labs observed extremely widespread exploitation attempts relating to security bypass vulnerabilities in Adobe ColdFusion. Successful exploitation could result in access to the ColdFusion Administrator endpoints.

Affected Products

Adobe ColdFusion CF2018 update 16
Adobe ColdFusion CF2021 update 6
Adobe ColdFusion CF2023 GA Release (2023.0.0) and earlier

Impact

Security Bypass: Remote attackers can bypass security checks of vulnerable systems.

Recommended Actions

Apply the most recent upgrades or patches from the vendor.
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date | Version | Status | Detail
2023-10-05 | 25.651 | Modified | Sig Added
2023-08-21 | 25.624 | Modified | Sig Added
2023-07-24 | 25.607 | Modified | Default_action:pass:drop
2023-07-11 | 24.598 | New |