Hackers are attempting to leverage a precocious fixed captious vulnerability (CVE-2023-50164) successful Apache Struts that leads to distant codification execution, successful attacks that trust connected publically disposable proof-of-concept utilization code.
It appears that threat actors person conscionable started, according to nan Shadowserver scanning platform, whose researchers observed a mini number of IP addresses engaged successful exploitation attempts.
Apache Struts is an open-source web exertion model designed to streamline nan improvement of Java EE web apps, offering a form-based interface and extended integration capabilities.
The merchandise is utilized extensively crossed various industries successful some nan backstage and nationalist sectors, including authorities organizations, for its ratio successful building scalable, reliable, and easy maintainable web applications.
On December 7, Apache released Struts versions 188.8.131.52 and 2.5.33 to reside a captious severity vulnerability presently identified as CVE-2023-50164.
The information rumor is simply a way traversal flaw that tin beryllium exploited if definite conditions are met. It can allow an attacker to upload malicious files and execute distant codification execution (RCE) connected nan target server. A threat character exploiting specified a vulnerability could modify delicate files, bargain data, disrupt captious services, aliases move laterally connected nan network.
This could lead to unauthorized entree to web servers, manipulation aliases theft of delicate data, disruption of captious services, and lateral activity successful breached networks.
The RCE vulnerability affects Struts versions 2.0.0 done 2.3.37 (end of life), Struts 2.5.0 done 2.5.32, and Struts 6.0.0 up to 6.3.0.
On December 10, a information researcher published a method write-up for CVE-2023-50164, explaining really a threat character could contaminate record upload parameters successful attacks. A second write-up, which includes utilization code for nan flaw, was published yesterday.
Cisco perchance impacted
In a information advisory yesterday, Cisco says that it is investigating CVE-2023-50164 to find which of its products pinch Apache Struts whitethorn beryllium affected and to what extent.
The group of Cisco products nether study includes nan Customer Collaboration Platform, Identity Services Engine (ISE), Nexus Dashboard Fabric Controller (NDFC), Unified Communications Manager (Unified CM), Unified Contact Center Enterprise (Unified CCE), and Prime Infrastructure.
A afloat database of perchance impacted products tin is disposable successful Cisco's information bulletin, which is expected to beryllium updated pinch caller information.