Description |
This article describes the Adobe ColdFusion Access Control Bypass Attack coverage with FortiNDR Cloud. Adobe ColdFusion Access Control Bypass Attack involves 3 CVEs: CVE-2023-38203 is a Deserialization of Untrusted Data vulnerability. A threat actor could leverage this vulnerability to perform Arbitrary code execution. CVE-2023-38205 is an Improper Access Control vulnerability in Adobe ColdFusion. A threat actor could leverage this vulnerability to access the administration CFM and CFC endpoints CVE-2023-29298 is an access control bypass vulnerability in Adobe ColdFusion. A threat actor could leverage this access control bypass vulnerability to log into a ColdFusion Administrator account, brute force credentials, or leak sensitive information. |
||||||||||||
CVE ID |
CVE-2023-38203 (https://nvd.nist.gov/vuln/detail/CVE-2023-38203) CVE-2023-38205 (https://nvd.nist.gov/vuln/detail/CVE-2023-38205) CVE-2018-15133 (https://nvd.nist.gov/vuln/detail/CVE-2023-38203) |
||||||||||||
NDR Cloud Detection Rule |
|
||||||||||||
Threat hunting |
FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Adobe ColdFusion Access Control Bypass Attack” related activities. https://www.fortiguard.com/outbreak-ioc?tag=Adobe%20ColdFusion%20Access%20Bypass |
||||||||||||
Suricata Coverage |
N/A | ||||||||||||
Other Fortinet Products |
For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to https://www.fortiguard.com/outbreak-alert/adobe-coldfusion-access-bypass |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.