Adobe ColdFusion Deserialization of Untrusted Data Vulnerabilities

Released: Aug 21, 2023

Updated: Aug 21, 2023


Severity: High

Vendor: Adobe

Vulnerability Type


Exploited in the wild and actively targeted

FortiGuard Labs continues to see cyber-attacks attempting to exploit the ColdFusion vulnerability CVE-2023-26360, blocking hundreds of attacks over the last weeks.

Common Vulnerabilities and Exposures

CVE-2023-26359
CVE-2023-26360

Background

Adobe ColdFusion is a commercial rapid development platform for web and mobile applications. It is affected by Deserialization of Untrusted Data vulnerabilities (CVE-2023-26359, CVE-2023-26360) that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require any user interaction.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


March 14, 2023: Adobe released the advisory and confirmed exploitation. "Adobe is aware that CVE-2023-26360 has been exploited in the wild in very limited attacks targeting Adobe ColdFusion."
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

March 15, 2023: FortiGuard Labs released Threat Signal (CVE-2023-26360)
https://www.fortiguard.com/threat-signal-report/5063

March 15, 2023: CISA added CVE-2023-26360 to its Known Exploited Vulnerabilities (KEV) catalog


Aug 21, 2023: CISA added CVE-2023-26359 to its Known Exploited Vulnerabilities (KEV) catalog


FortiGuard customers remain protected by the IPS signature added for CVE-2023-26360 back in April 2023. However, we continue to see targeted attacks attempting to exploit the vulnerability; IPS devices blocked hundreds of attacks over the last month. FortiGuard Labs is investigating IPS protection for CVE-2023-26359 and will update this report when new information is available.

FortiGuard Labs strongly advises reviewing the vendor advisory and applying the patches to Adobe ColdFusion if not already done.
https://coldfusion.adobe.com/2023/03/released-coldfusion-2021-and-2018-march-2023-security-updates/

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • AV

  • Vulnerability

  • AV (Pre-filter)

  • IPS

  • Web App Security

DETECT
  • Outbreak Detection

  • Threat Hunting

  • Content Update

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

  • Business Reputation

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

