December 15, 2023 at 06:42AM
Threat actors are exploiting a critical remote code execution flaw in internet-accessible Apache Struts 2 instances. Tracked as CVE-2023-50164, the bug allows attackers to manipulate file upload parameters and upload malicious files, resulting in RCE. Despite widespread exploitation attempts, scaling the attack is challenging. Users of affected Struts versions are urged to upgrade to patched versions promptly.
The report describes a critical-severity bug, CVE-2023-50164, affecting internet-accessible Apache Struts 2 instances. Threat actors have been probing vulnerable systems to exploit this recently disclosed remote code execution (RCE) flaw. The issue, which stems from Struts’ file upload logic, enables path traversal and can let an attacker upload a malicious file and achieve RCE.
Trend Micro has reported broad exploitation of the vulnerability by multiple threat actors. Exploiting it at scale is difficult for attackers, however, unlike the simple scan-and-exploit pattern seen with CVE-2017-5638, the Struts flaw behind the Equifax breach.
Several cybersecurity firms, including Trend Micro, Akamai, Malwarebytes, and the Shadowserver Foundation, have seen exploitation attempts targeting CVE-2023-50164. It is crucial for all Struts users to upgrade to patched versions (2.5.33 and 6.3.0.2) as soon as possible.
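Two triage tasks follow directly from the description above: deciding whether a deployed struts2-core build is older than the fixed releases named here (2.5.33 and 6.3.0.2), and spotting upload requests whose multipart filename carries a path traversal sequence, the indicator the report attributes to this flaw. The script below is an added defender-side example, not code from the article or from the Apache Struts project. It assumes version strings in the form found in struts2-core jar names (for example `2.5.32` or `6.3.0.1`) and scans constructed log lines in a simplified `<client-ip> <method> <path> filename=<name>` format, not a real server log; builds outside the 2.5 and 6.x lines are flagged for manual review, which is an assumption, since the article lists no fix for them.

```python
"""Defender-side triage for CVE-2023-50164 (Apache Struts 2 file upload path traversal).

Added example, not code from the article or the Struts project. Assumptions:
  - Fixed versions come from the article: 2.5.33 (2.5 line) and 6.3.0.2 (6.x line).
  - Version strings look like "2.5.32" or "6.3.0.1", as in struts2-core jar names.
  - The log lines below are constructed samples in a simplified
    "<client-ip> <method> <path> filename=<name>" format, not a real access log.
"""
import re
from typing import List, Tuple

# Patched versions named in the article, keyed by release line.
PATCHED_VERSIONS = {
    "2.5": (2, 5, 33),
    "6": (6, 3, 0, 2),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '6.3.0.1' into (6, 3, 0, 1); a trailing qualifier such as '-RC1' is dropped."""
    core = version.split("-")[0]
    return tuple(int(part) for part in core.split("."))


def is_vulnerable_struts_version(version: str) -> bool:
    """True when the struts2-core version is older than the fixed release for its line.

    Versions outside the 2.5 and 6.x lines (e.g. 2.3.x) return True as a conservative
    assumption: the article lists no fixed release for them, so they need manual review.
    """
    v = parse_version(version)
    if v[:2] == (2, 5):
        fixed = PATCHED_VERSIONS["2.5"]
    elif v[:1] == (6,):
        fixed = PATCHED_VERSIONS["6"]
    else:
        return True
    # Pad the shorter tuple with zeros so "6.3" compares as 6.3.0.0 against 6.3.0.2.
    width = max(len(v), len(fixed))
    return v + (0,) * (width - len(v)) < fixed + (0,) * (width - len(fixed))


# Multipart filename field as it appears in the constructed log format.
FILENAME_RE = re.compile(r'filename="?([^"\s]+)"?')
# Plain and URL-encoded parent-directory sequences; matched case-insensitively.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|%2e%2e%2f|%2e%2e/|\.\.%2f)", re.IGNORECASE)


def flag_traversal_uploads(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, filename) for upload requests whose filename holds a
    traversal sequence. Lines without a filename field are skipped."""
    hits = []
    for line in log_lines:
        match = FILENAME_RE.search(line)
        if not match:
            continue
        filename = match.group(1)
        if TRAVERSAL_RE.search(filename):
            hits.append((line.split()[0], filename))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, invented filenames).
SAMPLE_LOG = [
    '203.0.113.5 POST /upload.action filename="report.pdf"',
    '198.51.100.7 POST /upload.action filename="../../ROOT/hello.jsp"',
    '198.51.100.7 POST /upload.action filename="..%2f..%2fROOT%2fhello.jsp"',
    '192.0.2.9 POST /profile.action filename="avatar.png"',
    '192.0.2.9 GET /index.action',
]


if __name__ == "__main__":
    for ver in ("2.5.32", "2.5.33", "6.3.0.1", "6.3.0.2"):
        state = "VULNERABLE" if is_vulnerable_struts_version(ver) else "patched"
        print(f"struts2-core {ver}: {state}")
    for ip, name in flag_traversal_uploads(SAMPLE_LOG):
        print(f"traversal in upload filename from {ip}: {name}")
```

The version check keys on the release line rather than comparing raw strings, because `6.3.0.2` has four components while `2.5.33` has three and a naive string comparison would misorder them. The log scan inspects only the multipart filename field, so ordinary path parameters in the URL do not trigger it; a real deployment would adapt `FILENAME_RE` to the server's own log format.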
Separately, Sophos has released patches for end-of-life firewalls that are vulnerable to exploitation, and there have been reports of a zero-day exploit targeting a recent NetScaler vulnerability, along with a zero-day exploit against Zimbra used to hack government email accounts.