kcheung
Staff
Article Id 300605

Description

This article describes the Adobe ColdFusion Access Control Bypass Attack coverage with FortiNDR Cloud.

Adobe ColdFusion Access Control Bypass Attack involves 3 CVEs:

CVE-2023-38203 is a Deserialization of Untrusted Data vulnerability. A threat actor could leverage this vulnerability to perform arbitrary code execution.

CVE-2023-38205 is an Improper Access Control vulnerability in Adobe ColdFusion. A threat actor could leverage this vulnerability to access the administration CFM and CFC endpoints.

CVE-2023-29298 is an access control bypass vulnerability in Adobe ColdFusion. A threat actor could leverage this access control bypass vulnerability to log into a ColdFusion Administrator account, brute force credentials, or leak sensitive information.

CVE ID

CVE-2023-38203 (https://nvd.nist.gov/vuln/detail/CVE-2023-38203)

CVE-2023-38205 (https://nvd.nist.gov/vuln/detail/CVE-2023-38205)

CVE-2023-29298 (https://nvd.nist.gov/vuln/detail/CVE-2023-29298)

NDR Cloud Detection Rule

Detection Rule Name | Category | Primary MITRE ID
--- | --- | ---
FortiGuard Outbreak Alert: CVE-2023-38203 Adobe ColdFusion Insecure Deserialization | Attack: Exploitation | T1190 - Exploit Public-Facing Application
FortiGuard Outbreak Alert: CVE-2023-38205 Adobe ColdFusion IPFilterUtils Authentication Bypass | Attack: Exploitation | T1190 - Exploit Public-Facing Application
FortiGuard Outbreak Alert: CVE-2023-29298 Adobe ColdFusion Authentication Bypass | Attack: Exploitation | T1190 - Exploit Public-Facing Application

Threat hunting

FortiNDR Cloud users can use the following IOCs from Fortinet to hunt for “Adobe ColdFusion Access Control Bypass Attack” related activities.

https://www.fortiguard.com/outbreak-ioc?tag=Adobe%20ColdFusion%20Access%20Bypass

Suricata Coverage

N/A

Other Fortinet Products

For more details regarding mitigating the vulnerability by utilizing Fortinet products, please refer to https://www.fortiguard.com/outbreak-alert/adobe-coldfusion-access-bypass