Hackers try to leverage a just lately fastened vital vulnerability (CVE-2023-50164) in Apache Struts that results in distant code execution, in assaults that depend on publicly out there proof-of-concept exploit code.
It seems that menace actors have simply began, in accordance with the Shadowserver scanning platform, whose researchers noticed a small variety of IP addresses engaged in exploitation makes an attempt.
Apache Struts is an open-source internet utility framework designed to streamline the event of Java EE internet apps, providing a form-based interface and in depth integration capabilities.
The product is used extensively throughout numerous industries in each the non-public and public sectors, together with authorities organizations, for its effectivity in constructing scalable, dependable, and simply maintainable internet purposes.
On December 7, Apache launched Struts variations 6.3.0.2 and a pair of.5.33 to handle a vital severity vulnerability presently recognized as CVE-2023-50164.
The security situation is a path traversal flaw that may be exploited if sure situations are met. It could permit an attacker to add malicious information and obtain distant code execution (RCE) on the goal server. A menace actor exploiting such a vulnerability might modify delicate information, steal knowledge, disrupt vital providers, or transfer laterally on the community.
This might result in unauthorized entry to internet servers, manipulation or theft of delicate knowledge, disruption of vital providers, and lateral motion in breached networks.
The RCE vulnerability impacts Struts variations 2.0.0 by way of 2.3.37 (finish of life), Struts 2.5.0 by way of 2.5.32, and Struts 6.0.0 as much as 6.3.0.
On December 10, a security researcher printed a technical write-up for CVE-2023-50164, explaining how a menace actor might contaminate file add parameters in assaults. A second write-up, which incorporates exploit code for the flaw, was printed yesterday.
Cisco probably impacted
In a security advisory yesterday, Cisco says that it’s investigating CVE-2023-50164 to find out which of its merchandise with Apache Struts could also be affected and to what extent.
The set of Cisco merchandise beneath evaluation consists of the Buyer Collaboration Platform, Identification Companies Engine (ISE), Nexus Dashboard Cloth Controller (NDFC), Unified Communications Supervisor (Unified CM), Unified Contact Heart Enterprise (Unified CCE), and Prime Infrastructure.
A full listing of doubtless impacted merchandise can is accessible in Cisco’s security bulletin, which is anticipated to be up to date with recent data.
