The exploited vulnerabilities, which enable remote code execution, are highly sought after by ransomware attackers and nation-state hackers. Organizations, regardless of their size, are currently rushing to patch these critical vulnerabilities, as they are already being actively exploited, leading to breaches that are highly desired by both ransomware actors and state-sponsored spies.
The first set of vulnerabilities exists in Adobe ColdFusion and certain Citrix NetScaler products. Citrix has released a patch for the vulnerabilities, but it came after threat actors had already taken advantage of them. The most severe vulnerability (CVE-2023-3519) in Citrix’s NetScaler ADC and NetScaler Gateway products holds a severity rating of 9.8 out of 10, allowing hackers to execute code remotely without authentication. The security firm Rapid7, which discovered the attacks, has warned that this product line is commonly targeted and expects an increase in exploitation.
The situation with Adobe ColdFusion is more complex. Hackers are exploiting a vulnerability with a severity rating of 9.8 (CVE-2023-38203) in conjunction with another ColdFusion vulnerability (CVE-2023-29298). Adobe has issued a patch for the latter but, according to Rapid7, it was incomplete, meaning the CVE-2023-29298 vulnerability can still be exploited with minimal changes to the already available proof-of-concept exploit. Another mislabeled vulnerability (CVE-2023-29300), initially thought to be fixed by Adobe, is also being exploited. These vulnerabilities are being used to install webshells on vulnerable servers, allowing attackers to issue commands and execute code remotely.
The fallout from similar critical vulnerabilities in other widely used enterprise applications, such as MOVEit and GoAnywhere, should serve as a warning to organizations about the potential damage of failing to timely patch these vulnerabilities in Citrix’s NetScaler products and Adobe’s ColdFusion. To mitigate the risks, organizations using ColdFusion or NetScaler should promptly apply the available patches.