October 17, 2023 at 07:12AM
The US cybersecurity agency CISA, together with the FBI and MS-ISAC, has issued a warning about a zero-day vulnerability in Atlassian Confluence Data Center and Server. Tracked as CVE-2023-22515, the flaw has been exploited by a nation-state threat actor since September 14. It allows unauthorized access, creation of administrative accounts, and modification of critical configuration settings. Users are advised to update their software to the patched release and monitor for malicious activity.
Key takeaways from the meeting notes are as follows:
1. The CISA, FBI, and MS-ISAC have issued a warning regarding a zero-day vulnerability in Atlassian Confluence Data Center and Server.
2. The vulnerability, tracked as CVE-2023-22515, has been exploited by a nation-state threat actor since September 14, prior to the release of patches by Atlassian.
3. The flaw is an unauthenticated broken access control issue that can lead to privilege escalation and affects on-premises Confluence instances.
4. Exploiting the vulnerability allows threat actors to create unauthorized Confluence administrator accounts and modify critical configuration settings.
5. Multiple threat actors have started targeting the flaw following the publication of proof-of-concept exploit code.
6. Atlassian has released versions 8.3.3, 8.4.3, and 8.5.2 to address the vulnerability in Confluence Data Center and Server versions 8.0.0 to 8.5.1.
7. Organizations with internet-accessible Confluence instances are advised to update to the patched release and consider restricting network access until the updates are applied.
8. The advisory from CISA, FBI, and MS-ISAC provides details on the exploitation of the vulnerability and indicators-of-compromise (IoCs) to help organizations detect malicious activity.
9. Network administrators are strongly encouraged to apply the upgrades provided by Atlassian and hunt for malicious activity using the provided detection signatures and IoCs.