SecurityWeek

CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities

CISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild. 

The cybersecurity agency CISA warned organizations on Monday that two vulnerabilities affecting Adobe ColdFusion and Microsoft Windows have been exploited in the wild. 

CISA added the flaws to its Known Exploited Vulnerabilities (KEV) catalog, instructing federal agencies to address them in their environments by early January 2025.

The Windows vulnerability is CVE-2024-35250, a high-severity kernel-mode driver issue that can be exploited by an attacker to escalate privileges to System.

Microsoft announced patching the vulnerability in June 2024. The company’s advisory does indicate that exploitation is likely, but the tech giant has yet to update its advisory for CVE-2024-35250 to confirm attacks. 

DevCore, whose researchers have been credited by Microsoft for responsibly reporting the vulnerability, disclosed details of the flaw in late August, noting that it had been exploited at the Pwn2Own Vancouver 2024 hacking competition, where the DevCore team earned $30,000 for an exploit involving this vulnerability. 

A proof-of-concept (PoC) exploit appears to have been made available in October. 

Given that CVE-2024-35250 is a local privilege escalation flaw, it’s likely to be exploited in attacks after the attacker has gained initial access to the targeted system.

The ColdFusion vulnerability added to CISA’s KEV list, tracked as CVE-2024-20767, was patched by Adobe in March 2024. The software giant described it as a critical improper access control issue that allows “arbitrary file system read”. 

Technical details and a PoC exploit were published shortly after the patch was announced, showing how an attacker could leverage CVE-2024-20767 to gain unauthorized access to sensitive files and also to modify restricted files. 

The vulnerability can actually be exploited to compromise internet-exposed ColdFusion instances without user interaction. There are many ColdFusion servers exposed to the web, but it’s unclear how many of them are vulnerable to attacks. 

There do not appear to be any previous reports on the exploitation of these ColdFusion and Windows vulnerabilities. CISA has not shared any information on the attacks it’s aware of.

However, it’s worth noting that both Windows and ColdFusion vulnerabilities are regularly exploited in the wild. 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
