Adobe ColdFusion Backdoor Installation Attack [CVE-2018-15961]
CVE Number – CVE-2018-15961
Affected Platforms
- Adobe ColdFusion 2018 – July release (2018-0.0.310739) and earlier
- Adobe Cold Fusion 2016 – Update 6 and earlier
- Adobe Cold Fusion 11 – Update 14 and earlier
Description
An unknown advanced persistent threat group has been observed targeting unpatched Adobe ColdFusion servers to install a version of the China Chopper backdoor.
The group is believed to have reverse-engineered Adobe’s patch for CVE-2018-15961, an unauthenticated file upload vulnerability (released as part of their September 2018 security updates) before developing an exploit to take advantage of the flaw. The group are now scanning the public Internet for vulnerable ColdFusion installations to deploy the exploit against, installing a JavaServer Pages variant of China Chopper, a simple backdoor, in the process.
At the time of publication it is unclear what the group intend to do with the compromised servers, although there are indications they may be used to host other malware or in phishing campaigns.
For further information:
Remediation
Users and administrators are encouraged to apply Adobe’s APSB18-33 security update immediately if they have not already done so.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.