Patch now! Attacks on Adobe ColdFusion and Fortinet firewalls observed
Attackers are currently targeting a five-year-old vulnerability in Fortinet firewalls. The ColdFusion vulnerabilities being exploited are also several years old.
Because of ongoing attacks, administrators should update their Adobe ColdFusion instances and Fortinet firewalls to the latest versions. In both cases the exploited vulnerabilities have been known for several years, but the security patches evidently have not been applied everywhere. What the attackers do after a successful compromise is currently unknown.
Two-factor authentication can be bypassed
The Fortinet vulnerability (CVE-2020-12812, rated "critical") has been known since July 2020. The first reports of attacks followed in April 2021, when the FBI and CISA suspected state-sponsored cybercrime groups were behind them. Fortinet has now published a new post on the vulnerability and warns of renewed attacks.
Under certain conditions, attackers can bypass two-factor authentication (2FA) and thereby gain access to affected devices. In its advisory, Fortinet lists the configurations at risk, and administrators will also find indicators there for identifying systems that have already been successfully attacked. FortiOS versions 6.0.10, 6.2.4, and 6.4.1 are protected against the vulnerability.
The scale of the attacks and who is behind them is currently unclear. According to security researchers at Shadowserver, more than 10,000 unpatched instances are still reachable from the internet.
A bundle of vulnerabilities
Security researchers at GreyNoise have documented attacks on Adobe ColdFusion in a post. The attackers are exploiting several vulnerabilities, most of them dating from 2023. In the worst case, attackers can execute malicious code remotely without prior authentication.
The post provides concrete indicators, including IP addresses, that administrators can use to identify attacked instances. Administrators should make sure their ColdFusion installations are up to date. Most of the attacked systems are located in the USA; according to the researchers, they have documented 100 attacks in Germany.
(des)