December 13, 2023 at 11:22AM
Hackers are targeting a recently patched critical vulnerability (CVE-2023-50164) in Apache Struts that can lead to remote code execution. Shadowserver reported limited exploitation attempts. Apache Struts is widely used in various sectors for web app development. The path traversal flaw, present in recent versions, could lead to unauthorized access, data theft, and service disruption. Cisco is also assessing the impact on its products.
Key Takeaways from the Meeting Notes:
1. Hackers are actively attempting to exploit the recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts to achieve remote code execution.
2. The Shadowserver scanning platform has observed a small number of IP addresses engaged in exploitation attempts.
3. Apache Struts is widely used across various industries for developing scalable and reliable web applications.
4. Apache has released Struts versions 6.3.0.2 and 2.5.33 to address the critical severity vulnerability (CVE-2023-50164), which is a path traversal flaw that allows remote code execution.
5. The vulnerability affects multiple versions of Struts, including 2.0.0 through 2.3.37 (end of life), Struts 2.5.0 through 2.5.32, and Struts 6.0.0 up to 6.3.0.
6. Security researchers have published technical write-ups and exploit code for CVE-2023-50164.
7. Cisco is investigating which of its products with Apache Struts may be affected by the vulnerability, including the Customer Collaboration Platform, Identity Services Engine (ISE), Nexus Dashboard Fabric Controller (NDFC), Unified Communications Manager (Unified CM), Unified Contact Center Enterprise (Unified CCE), and Prime Infrastructure.
8. Additional and updated information on potentially impacted Cisco products is expected to be available in Cisco’s security bulletin.
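As an added example (not code from Apache, Cisco, or the original article), the version ranges in points 4 and 5 can be turned into an inventory check over jar file names. It assumes the core library keeps Maven's default name `struts2-core-<version>.jar`; the function names, status labels, and sample paths are constructed for illustration.

```python
import re

# Affected ranges and fixed releases as listed above for CVE-2023-50164:
# (lowest affected, highest listed affected, fixed release or None if end of life)
BRANCHES = [
    ("2.0.0", "2.3.37", None),
    ("2.5.0", "2.5.32", "2.5.33"),
    ("6.0.0", "6.3.0", "6.3.0.2"),
]

# Assumption: the core library keeps Maven's default name struts2-core-<version>.jar.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+){1,3})\.jar$")


def parse(version):
    """Turn '6.3.0' into (6, 3, 0, 0) so 3- and 4-part versions compare correctly."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version):
    v = parse(version)
    for low, high, fixed in BRANCHES:
        if parse(low) <= v <= parse(high):
            return "affected-eol" if fixed is None else "affected"
        # Assumption: a build above the listed range but below the fixed
        # release is not covered by the list above, so it is flagged for upgrade.
        if fixed and parse(high) < v < parse(fixed):
            return "below-fixed"
    return "not-listed"


def scan(paths):
    """Return (path, version, status) for every struts2-core jar in paths."""
    hits = []
    for path in paths:
        m = JAR_RE.search(path)
        if m:
            hits.append((path, m.group(1), classify(m.group(1))))
    return hits


# Constructed sample inventory (for example, a file listing), not real hosts.
SAMPLE = [
    "/opt/app/WEB-INF/lib/struts2-core-2.5.32.jar",
    "/opt/portal/WEB-INF/lib/struts2-core-6.3.0.2.jar",
    "/srv/legacy/WEB-INF/lib/struts2-core-2.3.37.jar",
    "/srv/staging/WEB-INF/lib/struts2-core-6.3.0.1.jar",
    "/opt/app/WEB-INF/lib/commons-io-2.11.0.jar",
]

if __name__ == "__main__":
    for path, version, status in scan(SAMPLE):
        print(f"{status:13} {version:9} {path}")
```

A jar reported as `affected-eol` has no fixed release on its own branch, so remediation means moving to one of the fixed versions named in point 4.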