Help
FortiRecon
FortiRecon is a digital risk protection (DRP) service that allows customers to gain visibility of their digital attack surface, receive targeted threat intelligence, and reduce organisational risk.
bmali
Staff
Staff

Created on ‎01-18-2024 07:11 AM

Article Id 294836

Outbreak Alert: Adobe ColdFusion Access Control Bypass Attack

FortiRecon provides outside-in coverage for risks toward customers.  External Attack Surface Management helps customers identify exposure to known and unknown enterprise assets and associated vulnerabilities across the enterprise. The Vulnerability Intelligence Module under Adversary Centric Intelligence (ACI) provides a realistic view of the impact of the vulnerability based upon chatter and discussion of the same across various external sources such as Darkweb, social media, News / Blogs etc. 

 

CVE ID   

CVE-2023-38205

CVE Title   

Adobe ColdFusion Security Bypass

NVD Severity

 High
FortiRecon Severity

Critical

Exploited

Yes
Exploited by Ransomware Group(s)

No
Exploited by APT Group(s)

No
Included in CISA KEV List

Yes
Available working exploit(s)

None
Available POC exploit(s)

None
Darknet Mention(s)

No
Telegram Mention(s)

No

FortiRecon Intelligence Reporting(s)

2 (OSINT)
Social Media Mention(s)

80

EASM Scanner   

No   

 

CVE ID   

CVE-2023-29298

CVE Title   

Adobe ColdFusion Code Execution

NVD Severity

High
FortiRecon Severity

Critical

Exploited

Yes
Exploited by Ransomware Group(s)

Yes (Unknown)
Exploited by APT Group(s)

No
Included in CISA KEV List

Yes
Available working exploit(s)

None
Available POC exploit(s)

None
Darknet Mention(s)

No
Telegram Mention(s)

No

FortiRecon Intelligence Reporting(s)

4 (OSINT, DARKNET)
Social Media Mention(s)

19

EASM Scanner   

No   

 

CVE ID   

CVE-2023-38203

CVE Title   

Adobe ColdFusion Code Execution

NVD Severity

Critical
FortiRecon Severity

Critical

Exploited

Yes
Exploited by Ransomware Group(s)

Yes (Unknown)
Exploited by APT Group(s)

No
Included in CISA KEV List

Yes
Available working exploit(s)

None
Available POC exploit(s)

None
Darknet Mention(s)

No
Telegram Mention(s)

Discussion on 1 Telegram channel

-Exploit Service

FortiRecon Intelligence Reporting(s)

5(OSINT, TECHINT)
Social Media Mention(s)

9

EASM Scanner   

No   

 

CVE ID   

CVE-2023-26347 

CVE Title   

Adobe ColdFusion Security Bypass

NVD Severity

Not Assigned
FortiRecon Severity

Low

Exploited

No
Exploited by Ransomware Group(s)

No
Exploited by APT Group(s)

No
Included in CISA KEV List

No
Available working exploit(s)

None
Available POC exploit(s)

None
Darknet Mention(s)

None
Telegram Mention(s)

None

FortiRecon Intelligence Reporting(s)

None
Social Media Mention(s)

None

EASM Scanner   

No   
365
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.