Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code
2024-12-24 15:35:42 Author: securityaffairs.com


Pierluigi Paganini December 24, 2024

Adobe released out-of-band security updates to address a critical ColdFusion vulnerability; experts warn that PoC exploit code is available for it.

Adobe released out-of-band security updates to address a critical vulnerability, tracked as CVE-2024-53961 (CVSS score 7.4), in ColdFusion. Experts warn that proof-of-concept (PoC) exploit code for this vulnerability is available.

The vulnerability is an improper limitation of a pathname to a restricted directory (‘Path Traversal’) that could lead to arbitrary file system reads.

The flaw impacts Adobe ColdFusion versions 2023 and 2021.

“Adobe has released security updates for ColdFusion versions 2023 and 2021. These updates resolve a critical vulnerability that could lead to arbitrary file system read,” reads the advisory.

“Adobe is aware that CVE-2024-53961 has a known proof-of-concept that could cause an arbitrary file system read,” the advisory adds.

The researcher who goes by the moniker ma4ter reported the vulnerability to the software giant.

The company recommends users update their installations to the newest versions:

| Product         | Updated Version | Platform | Priority rating | Availability |
|-----------------|-----------------|----------|-----------------|--------------|
| ColdFusion 2023 | Update 12       | All      | 1               | Tech Note    |
| ColdFusion 2021 | Update 18       | All      | 1               | Tech Note    |

At the time of this writing, it is unclear if the company is aware of attacks in the wild exploiting this vulnerability.

In December, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added another Adobe ColdFusion issue, tracked as CVE-2024-20767, to its Known Exploited Vulnerabilities (KEV) catalog.

The vulnerability CVE-2024-20767 (CVSS score 7.4) is an Improper Access Control issue in ColdFusion versions 2023.6, 2021.12, and earlier. An attacker can exploit the flaw to read arbitrary files. Exploitation requires an exposed admin panel.





Source: https://securityaffairs.com/172281/security/adobe-coldfusion-flaw-poc.html