A suspected Chinese APT group exploited the recently patched ColdFusion vulnerability in the wild, compromising a vulnerable ColdFusion server by directly uploading a China Chopper webshell.
The targeted servers hadn’t been updated with the patch released just two weeks earlier.
Volexity researchers observed active exploitation of the newly patched CVE-2018-15961 flaw in Adobe ColdFusion, a critical unrestricted file upload bug that can also lead to arbitrary code execution, despite no public details or proof-of-concept code being available, according to a Nov. 8 blog post.
“The recent Adobe ColdFusion flaw that has been exploited recently is another example of how quickly malicious actors are to take advantage of recently-patched vulnerabilities,” Justin Jett, Director of Audit and Compliance for Plixer, said. “In this case, fewer than two weeks after a patch was released, servers were compromised.”
Jett said that the threat actors' targeting of a server missing a single update indicates that even the most diligently patched servers remain at risk, adding that software vendors create windows of opportunity for malicious actors when they release patches to fix vulnerabilities.
As a result, IT professionals should continuously monitor their entire network and look for anomalous behavior, he said.
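One concrete form of the monitoring Jett recommends is file-integrity checking of the web root, since the intrusion described above hinged on a webshell being written to the server as a new script file. The following Python script is an added example written for this article, not code from Volexity, Plixer or Adobe: it snapshots the server-side script files under a directory, then reports any that appeared or changed since the baseline. The extension list, the temporary directory layout and the file names it creates are constructed for the demonstration and are assumptions, not details taken from the report.

```python
"""Flag server-side script files that are new or modified under a web root.

Added example (not from the original article or the Volexity report).
Builds a throwaway directory tree in a temp dir, takes a baseline of script
files, simulates an unexpected .jsp appearing in an upload directory plus a
tampered existing page, and reports the delta. The suffix list and the
directory layout are assumptions chosen for illustration.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# Extensions a ColdFusion host (or a co-hosted servlet container) would
# execute as code. Assumption: adjust to the stack you actually run.
SCRIPT_SUFFIXES = {".cfm", ".cfc", ".cfml", ".jsp", ".jspx"}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to be read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(webroot: Path) -> Dict[str, str]:
    """Map each script file's path (relative to webroot) to its SHA-256."""
    result: Dict[str, str] = {}
    for path in webroot.rglob("*"):
        if path.is_file() and path.suffix.lower() in SCRIPT_SUFFIXES:
            result[path.relative_to(webroot).as_posix()] = sha256_file(path)
    return result


def diff_snapshots(baseline: Dict[str, str],
                   current: Dict[str, str]) -> Tuple[List[str], List[str], List[str]]:
    """Return (added, modified, removed) relative paths, each sorted."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    return added, modified, removed


def build_demo_webroot() -> Path:
    """Create a small constructed web root in a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="cfroot-"))
    (root / "app").mkdir()
    (root / "app" / "index.cfm").write_text("<cfoutput>hello</cfoutput>\n")
    (root / "app" / "Login.cfc").write_text("component {}\n")
    (root / "static").mkdir()
    (root / "static" / "logo.png").write_bytes(b"\x89PNG")  # not a script
    return root


def run_demo() -> Tuple[List[str], List[str], List[str]]:
    """Baseline the demo root, simulate two changes, and return the delta."""
    root = build_demo_webroot()
    baseline = snapshot(root)
    # Constructed event 1: a script file appears where only uploads belong.
    (root / "uploads").mkdir()
    (root / "uploads" / "image.jsp").write_text("<%-- constructed placeholder --%>\n")
    # Constructed event 2: an existing page is altered after deployment.
    (root / "app" / "index.cfm").write_text("<cfoutput>changed</cfoutput>\n")
    return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    added, modified, removed = run_demo()
    for rel in added:
        print(f"NEW script file: {rel}")
    for rel in modified:
        print(f"MODIFIED script file: {rel}")
    for rel in removed:
        print(f"REMOVED script file: {rel}")
```

In practice the baseline would be taken right after a known-good deployment and stored off the host, the snapshot would run on a schedule, and any script file appearing under a directory meant for user uploads would be treated as a high-priority alert rather than a routine change.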