GreyNoise detection engineers have released tags for:
- Citrix ADC/NetScaler CVE-2023-3519 Remote Code Execution (RCE) Attempts
- Adobe ColdFusion CVE-2023-29298 Access Control Bypass Attempts
- Adobe ColdFusion CVE-2023-29300 Remote Code Execution (RCE) Attempts
Adobe ColdFusion Vulnerabilities
CVE-2023-29298 is an Improper Access Control vulnerability affecting Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier), and 2023.0.0.330468 (and earlier). This vulnerability could result in a security feature bypass, allowing an attacker to access the administration CFM and CFC endpoints without user interaction. The vulnerability has a CVSS 3.x base score of 7.5, indicating high severity.
CVE-2023-29300 is a Deserialization of Untrusted Data vulnerability impacting Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier), and 2023.0.0.330468 (and earlier). This vulnerability could result in arbitrary code execution without user interaction. The vulnerability has a CVSS 3.x base score of 9.8, indicating critical severity.
Citrix ADC/NetScaler Vulnerability
CVE-2023-3519 is an unauthenticated remote code execution (RCE) vulnerability impacting several versions of Citrix ADC and Citrix Gateway. This vulnerability allows a malicious actor to execute arbitrary code on affected appliances. It may also serve as an initial access vector for ransomware and other types of malicious campaigns. GreyNoise would like to thank the Capability Development team at Bishop Fox for collaborating with us to track this emerging threat. They have an excellent, detailed write-up for folks interested in more details.
CISA's Known Exploited Vulnerabilities Catalog
All three vulnerabilities are listed in CISA's Known Exploited Vulnerabilities Catalog, meaning they have been observed being exploited in the wild and pose significant risks to organizations. Organizations should prioritize remediation efforts for these vulnerabilities to reduce the likelihood of compromise by known threat actors.
External Resources
- Citrix support bulletin
- CISA has an advisory for the NetScaler vulnerability
- The aforelinked Bishop Fox write-up
- Assetnote has a solid write-up in their Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway
- Rapid7 has an AttackerKB Analysis of the NetScaler situation
Enhance Security with GreyNoise's Threat Intelligence Data
Organizations are strongly encouraged to use GreyNoise’s hourly updated threat intelligence data to block IP addresses that are seen exploiting these vulnerabilities. By leveraging GreyNoise's tags and alerts, organizations can enhance their security posture and protect their systems from potential exploitation attempts while allowing their operations teams time to apply patches or mitigations.
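As an added illustration (not GreyNoise code), the sketch below turns tag-matched records into a short-lived blocklist using the three tag names listed above. The record fields `ip`, `tags` and `last_seen`, the 24-hour window, the allowlist and the sample records are all assumptions constructed for this example.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Tag names exactly as listed on this page.
CITRIX = "Citrix ADC/NetScaler CVE-2023-3519 Remote Code Execution (RCE) Attempts"
CF_BYPASS = "Adobe ColdFusion CVE-2023-29298 Access Control Bypass Attempts"
CF_RCE = "Adobe ColdFusion CVE-2023-29300 Remote Code Execution (RCE) Attempts"
TAGS = {CITRIX, CF_BYPASS, CF_RCE}

# Constructed sample records (documentation address ranges, made-up times);
# the field names "ip", "tags" and "last_seen" are an assumed export shape.
SAMPLE = [
    {"ip": "203.0.113.20", "tags": [CF_RCE], "last_seen": "2023-07-20T11:30:00+00:00"},
    {"ip": "203.0.113.7", "tags": [CITRIX], "last_seen": "2023-07-20T09:00:00+00:00"},
    {"ip": "203.0.113.7", "tags": [CF_BYPASS], "last_seen": "2023-07-20T10:00:00+00:00"},
    {"ip": "198.51.100.9", "tags": [CITRIX], "last_seen": "2023-07-20T11:00:00+00:00"},
    {"ip": "203.0.113.99", "tags": [CITRIX], "last_seen": "2023-07-10T08:00:00+00:00"},
    {"ip": "203.0.113.50", "tags": ["Unrelated Tag (constructed)"],
     "last_seen": "2023-07-20T11:00:00+00:00"},
    {"ip": "not-an-ip", "tags": [CF_RCE], "last_seen": "2023-07-20T11:00:00+00:00"},
]

def build_blocklist(records, now, max_age=timedelta(hours=24), allow=()):
    """Return de-duplicated IPs tagged with one of TAGS and seen within max_age,
    skipping allowlisted networks and malformed records."""
    allow_nets = [ipaddress.ip_network(n) for n in allow]
    blocked = set()
    for rec in records:
        if not TAGS.intersection(rec.get("tags") or []):
            continue  # not one of the three exploitation tags
        try:
            ip = ipaddress.ip_address(rec["ip"])
            age = now - datetime.fromisoformat(rec["last_seen"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed record: never turn it into a block rule
        if age > max_age:
            continue  # stale sighting; let the entry expire
        if any(ip in net for net in allow_nets):
            continue  # own or partner range; blocking it would cause an outage
        blocked.add(ip)
    return [str(ip) for ip in sorted(blocked, key=lambda a: (a.version, int(a)))]

if __name__ == "__main__":
    now = datetime(2023, 7, 20, 12, 0, tzinfo=timezone.utc)  # constructed "now"
    for ip in build_blocklist(SAMPLE, now, allow=["198.51.100.0/24"]):
        print(ip)
```

Rebuilding the list on each data refresh, rather than appending to it, lets entries age out once an address stops being seen.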