Lucene search
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.COLDFUSION_WIN_APSB23-40.NASLHistoryJul 13, 2023 - 12:00 a.m.
Adobe ColdFusion < 2018.x < 2018u17 / 2021.x < 2021u7 / 2023.x < 2023u1 Multiple Vulnerabilities (APSB23-40)
2023-07-1300:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
adobe coldfusion
vulnerabilities
access control
deserialization
authentication attempts
security bypass
cve-2023-29298
cve-2023-29300
cve-2023-29301
windows host
nessus scanner
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.97 High
EPSS
Percentile
99.8%
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2018.x update 17, 2021.x update 7, or 2023.x update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-40 advisory.
-
Improper Access Control (CWE-284) potentially leading to Security feature bypass (CVE-2023-29298)
-
Deserialization of Untrusted Data (CWE-502) potentially leading to Arbitrary code execution (CVE-2023-29300)
-
Improper Restriction of Excessive Authentication Attempts (CWE-307) potentially leading to Security feature bypass (CVE-2023-29301)
Note that Nessus has not tested for these issues but has instead relied only on the applicationβs self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(178229);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");
script_cve_id("CVE-2023-29298", "CVE-2023-29300", "CVE-2023-29301");
script_xref(name:"IAVA", value:"2023-A-0352-S");
script_xref(name:"IAVA", value:"2023-A-0355-S");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/01/29");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/08/10");
script_name(english:"Adobe ColdFusion < 2018.x < 2018u17 / 2021.x < 2021u7 / 2023.x < 2023u1 Multiple Vulnerabilities (APSB23-40)");
script_set_attribute(attribute:"synopsis", value:
"A web-based application running on the remote host is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of Adobe ColdFusion installed on the remote Windows host is prior to 2018.x update 17, 2021.x update 7, or
2023.x update 1. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-40 advisory.
- Improper Access Control (CWE-284) potentially leading to Security feature bypass (CVE-2023-29298)
- Deserialization of Untrusted Data (CWE-502) potentially leading to Arbitrary code execution
(CVE-2023-29300)
- Improper Restriction of Excessive Authentication Attempts (CWE-307) potentially leading to Security
feature bypass (CVE-2023-29301)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html");
script_set_attribute(attribute:"solution", value:
"Update to Adobe ColdFusion version 2018 update 17 / 2021 update 7 / 2023 update 1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-29300");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(284, 307, 502);
script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/07/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:coldfusion");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("coldfusion_win_local_detect.nasl");
script_require_keys("SMB/coldfusion/instance");
script_require_ports(139, 445);
exit(0);
}
include('coldfusion_win.inc');
var instances = get_coldfusion_instances();
var instance_info = [];
foreach var name (keys(instances))
{
var info = NULL;
var ver = instances[name];
if (ver == '2018.0.0')
{
info = check_jar_chf(name, 17);
}
else if (ver == '2021.0.0')
{
info = check_jar_chf(name, 7);
}
else if (ver == '2023.0.0')
{
info = check_jar_chf(name, 1);
}
if (!isnull(info))
instance_info = make_list(instance_info, info);
}
if (max_index(instance_info) == 0)
audit(AUDIT_INST_VER_NOT_VULN, 'Adobe ColdFusion');
var port = get_kb_item('SMB/transport');
if (!port)
port = 445;
var report =
'\n' + 'Nessus detected the following unpatched instances :' +
'\n' + join(instance_info, sep:'\n') +
'\n' + 'Also note that to be fully protected the Java JDK must be patched along with applying the vendor patch.';
security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| adobe | coldfusion | cpe:/a:adobe:coldfusion |
Related
adobe
adobe
APSB23-40 : Security update available for Adobe ColdFusion
2023-07-11 00:00:00
nvd
nvd
rapid7blog
rapid7blog
Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities
2023-07-17 19:48:51
CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]
2023-07-19 17:25:06
CVE-2023-29298: Adobe ColdFusion Access Control Bypass
2023-07-11 15:30:00
impervablog
impervablog
Adobe ColdFusion vulnerabilities mitigated by Imperva
2023-07-23 01:11:40
cvelist
cvelist
cisa_kev
cisa_kev
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
2024-01-08 00:00:00
Adobe ColdFusion Improper Access Control Vulnerability
2023-07-20 00:00:00
attackerkb
attackerkb
nuclei
nuclei
Adobe ColdFusion - Pre-Auth Remote Code Execution
2023-07-12 22:29:28
Adobe ColdFusion - Access Control Bypass
2023-07-12 22:08:33
prion
prion
Deserialization of untrusted data
2023-07-12 16:15:00
Security feature bypass
2023-07-12 16:15:00
Improper access control
2023-07-12 16:15:00
cve
cve
trellix
trellix
The Bug Report - July 2023 Edition
2023-08-02 00:00:00
The Bug Report - July 2023 Edition
2023-08-02 00:00:00
cnvd
cnvd
Adobe Coldfusion Access Control Bypass Vulnerability
2023-07-13 00:00:00
hivepro
hivepro
Active Exploitation of Adobe ColdFusion Critical Vulnerabilities
2023-07-18 13:02:22
hackerone
hackerone
thn
thn
Adobe Rolls Out New Patches for Actively Exploited ColdFusion Vulnerability
2023-07-20 03:31:00
Zero-Day Attacks Exploited Critical Vulnerability in Citrix ADC and Gateway
2023-07-19 03:21:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.97 High
EPSS
Percentile
99.8%
Related for COLDFUSION_WIN_APSB23-40.NASL