Winter is coming… and so is CVE-2023-26360: Critical Adobe ColdFusion Vulnerability Exploited in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-26360, a critical vulnerability affecting Adobe ColdFusion 2018 and 2021, to its Known Exploited Vulnerabilities (KEV) catalog of bugs exploited in the wild. The flaw is an Improper Access Control weakness that unauthenticated attackers can abuse remotely in low-complexity attacks that require no user interaction. Adobe has patched it in ColdFusion 2018 Update 16 and ColdFusion 2021 Update 6; before those updates shipped it was used as a zero-day in limited attacks against ColdFusion servers. Administrators are advised to install the security updates and also apply the security configuration settings outlined in the ColdFusion 2018 and ColdFusion 2021 lockdown guides, since the update alone does not harden the rest of the deployment. CISA has given all US Federal Civilian Executive Branch (FCEB) agencies three weeks to secure their systems against attacks using CVE-2023-26360 exploits.

Links:

https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html

https://www.bleepingcomputer.com/news/security/cisa-warns-of-adobe-coldfusion-bug-exploited-as-a-zero-day/

ColdFusion 2018 lockdown guide:

https://helpx.adobe.com/coldfusion/using/server-lockdown.html

ColdFusion 2021 lockdown guide:

https://www.adobe.com/content/dam/cc/us/en/products/coldfusion/pdfs/cf-starter-kits/coldfusion-2021-lockdown-guide-1.1.pdf
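The first practical question after an advisory like this is which servers in an inventory still sit below the fixed update level. The script below is an added example written for this post, not code from Adobe or from the original article; it triages ColdFusion version strings against the two patch levels named above (2018 Update 16, 2021 Update 6). It assumes ColdFusion reports its version as "YEAR,0,UPDATE,BUILD" (as `server.coldfusion.productversion` does) or with dots as shown in the administrator; the host names and build numbers in the sample inventory are constructed. Release lines the bulletin does not cover (for example ColdFusion 2016 and earlier, which are out of support) are reported as "unsupported" rather than silently treated as safe.

```python
# Added example, not part of the original post or Adobe's bulletin:
# triage ColdFusion version strings against the APSB23-25 patch levels.
import re

# First update on each release line that fixes CVE-2023-26360 (from the post).
# Assumption: these are the only release lines the bulletin covers.
FIXED_UPDATE = {2018: 16, 2021: 6}

# Assumption: versions look like "2021,0,06,330132" or "2021.0.06.330132";
# the build component is optional so "2021,0,6" still parses.
_VERSION_RE = re.compile(r"^\s*(\d{4})[.,](\d+)[.,](\d+)(?:[.,](\d+))?\s*$")


def parse_version(version):
    """Return (major_year, update_number) or None if the string is not a
    recognisable ColdFusion version. Returning None instead of guessing
    stops garbage values from being counted as patched."""
    m = _VERSION_RE.match(version)
    if not m:
        return None
    return int(m.group(1)), int(m.group(3))


def assess(version):
    """Classify one server as 'patched', 'vulnerable', 'unsupported'
    (release line not covered by the bulletin) or 'unparseable'."""
    parsed = parse_version(version)
    if parsed is None:
        return "unparseable"
    major, update = parsed
    fixed = FIXED_UPDATE.get(major)
    if fixed is None:
        return "unsupported"
    return "patched" if update >= fixed else "vulnerable"


def triage(inventory):
    """Given {host: version_string}, return {host: status} for every host
    that is not confirmed patched, so the result is the work list."""
    return {host: assess(v) for host, v in inventory.items()
            if assess(v) != "patched"}


if __name__ == "__main__":
    # Constructed sample inventory: host names and build numbers are made up.
    sample = {
        "cf-prod-01": "2021,0,05,330109",    # one update short of the fix
        "cf-prod-02": "2021,0,06,330132",    # at the fixed level
        "cf-legacy-01": "2018,0,15,330109",  # below 2018 Update 16
        "cf-legacy-02": "2018.0.16.330109",  # dotted form, patched
        "cf-old-01": "2016,0,17,325979",     # line not covered by APSB23-25
        "cf-unknown": "n/a",                 # inventory gap, must be checked
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Anything the script reports as "unsupported" or "unparseable" needs a manual look rather than being dropped from the list; an unsupported release line cannot be fixed by an update at all and should be migrated.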
