Despite Adobe’s release of security updates (APSB23-40, APSB23-41, and APSB23-47) in July to address critical vulnerabilities in its ColdFusion web development platform, Fortinet’s FortiGuard Labs has continued to observe significant threat exploitation.
The vulnerabilities in question center around the deserialization of untrusted data through Web Distributed Data eXchange (WDDX) data, which forms part of certain ColdFusion requests, posing a high risk of arbitrary code execution.
Fortinet’s observations include a range of attack techniques, including probing activities. Attackers have been using tools like “interactsh” to generate specific domain names, initially intended for researchers to test exploit success but also exploitable by malicious actors.
Furthermore, attackers have attempted to establish reverse shells, also known as remote shells or connect-back shells, with the goal of exploiting vulnerabilities in the target system, potentially gaining unauthorized access.
Despite the availability of patches for these vulnerabilities, FortiGuard Labs emphasizes that public attacks are ongoing. They strongly recommend immediate system upgrades and the application of FortiGuard protection to prevent threat probing and safeguard against these persistent threats targeting Adobe ColdFusion.
