CVE-2023-26360

Vulnerability updated a month ago (2024-11-29T14:03:11.310Z)

Download STIX

Preview STIX

CVE-2023-26360 is a critical vulnerability found in Adobe ColdFusion, an application development platform. The flaw is characterized as an improper access control issue and can lead to arbitrary code execution when exploited. This vulnerability was publicly disclosed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) via an advisory notice, warning that threat actors were actively exploiting it. In June and July of 2023, unknown attackers leveraged this vulnerability to gain unauthorized access to government servers. CISA confirmed that an unnamed federal agency was compromised during this period due to the exploitation of CVE-2023-26360. The breach was facilitated by the flaw's ability to allow arbitrary code execution, leading to a significant security incident within the targeted agency. In response to the active threat, CISA issued an alert in December 2023 urging organizations to take immediate action against this vulnerability. The agency stressed the severity of the situation, highlighting that the flaw had been used to breach government agencies. Adobe has not yet released a patch or workaround for the flaw at the time of the alert, making the vulnerability a significant risk to any organization using the affected version of Adobe ColdFusion.

Description last updated: 2024-05-04T17:06:46.364Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Adobe

Coldfusion

Vulnerability

Exploit

Government

Federal

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the CVE-2023-26360 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securelist	4 months ago	New malicious web shell from the Tropic Trooper group is found in the Middle East
CERT-EU	a year ago	Adobe ColdFusion Vulnerability: SafeBreach Coverage for US-CERT Alert (AA23-339A)
CERT-EU	a year ago	Unauthenticated RCE in Adobe Coldfusion – CVE-2023-26360
CERT-EU	a year ago	Breaking Cyber News From Cyberint - Cyberint
CERT-EU	a year ago	Ankura CTIX FLASH Update - December 8, 2023, Ankura CTIX
Malwarebytes	a year ago	Adobe Coldfusion vulnerability used in attacks on government servers
CERT-EU	a year ago	Threat Actors Exploiting Adobe ColdFusion Vulnerability: A Critical Situation for Federal Agencies
CERT-EU	a year ago	Cyber Security Week in Review: December 8, 2023
CERT-EU	a year ago	Credit Union outages, Nuclear site breach \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
DARKReading	a year ago	CISA: Threat Actor Breached Federal Systems via Adobe ColdFusion Flaw
CERT-EU	a year ago	CISA: Hackers Use ColdFusion Flaw to Breach Federal Agency
CERT-EU	a year ago	Unpatched Adobe ColdFusion bug led to double breach of US federal agency
CERT-EU	a year ago	Adobe ColdFusion Flaw Used by Hackers to Access US Govt Servers \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	a year ago	CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360) - Help Net Security
CERT-EU	a year ago	Hackers exploiting Adobe ColdFusion bug to breach government servers
CERT-EU	a year ago	Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
CERT-EU	a year ago	Adobe ColdFusion Vulnerability Exploited in Attacks on US Government Agency
CERT-EU	a year ago	Federal agency breached through Adobe ColdFusion vulnerability
CERT-EU	a year ago	Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw
Securityaffairs	a year ago	Threat actors breached US govt systems by exploiting Adobe ColdFusion flaw