HomePentest-Tools.com Logo

Adobe ColdFusion - Remote Code Execution (CVE-2023-29300)

Severity
CVSSv3 Score
9.8
Vulnerability description

Adobe ColdFusion server is vulnerable to CVE-2023-29300, a JNDI injection vulnerability that can be leveraged to a deserialization of untrusted data that could result in Remote Code Execution, affecting the /CFIDE/adminapi/accessmanager.cfc endpoint. The root cause of this vulnerability is improper sanitization of user-provided input inside the wddxPacket object sent through a POST request. This vulnerability allows an unauthenticated remote attacker to execute any command on the server.

Risk description

The risk exists that an unauthenticated remote attacker could leverage the JNDI Injection vulnerability to gain full control of the ColdFusion server which will result in a fully compromised server through which they could steal confidential information, install ransomware, or pivot to the internal network.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Recommendation

Update the Adobe ColdFusion server to one of the currently fixed versions: 2018u17, 2021u7, 2023u3.

Codename
Not available
Detectable with
Network Scanner
Exploitable with Sniper
Yes
Vuln date
Jun 2023
Published at
Updated at
Software Type
Web server
Vendor
Adobe
Product
ColdFusion