Adobe ColdFusion - Pre-Auth Remote Code Execution CVE-2023-29300

Severity
CVSSv3 Score: 9.8
Vulnerability description

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the server to steal confidential information, install ransomware, or pivot to the internal network.

Recommendation

Upgrade to Adobe ColdFusion version 2023.0.0.328155 or later to mitigate this vulnerability.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Jul 12, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available