Published: 18/03/2024 Updated: 18/03/2024

CVSS v3 Base Score: 8.2 | Impact Score: 4.2 | Exploitability Score: 3.9

VMScore: 0

ColdFusion versions 2023.6, 2021.12 and previous versions are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.

Check Point Reference: CPAI-2024-0187 Date Published: 14 Apr 2024 Severity: High ...

This module exploits an Improper Access Vulnerability in Adobe Coldfusion versions prior to version '2023 Update 6' and '2021 Update 12' The vulnerability allows unauthenticated attackers to request authentication token in the form of a UUID from the /CFIDE/adminapi/_servermanager/servermanagercfc endpoint Using that ...

This module exploits an Improper Access Vulnerability in Adobe Coldfusion versions prior to version '2023 Update 6' and '2021 Update 12'. The vulnerability allows unauthenticated attackers to request authentication token in the form of a UUID from the /CFIDE/adminapi/_servermanager/servermanager.cfc endpoint. Using that UUID attackers can hit the /pms endpoint in order to exploit the Arbitrary File Read Vulnerability.

msf > use auxiliary/gather/coldfusion_pms_servlet_file_read
msf auxiliary(coldfusion_pms_servlet_file_read) > show actions
    ...actions...
msf auxiliary(coldfusion_pms_servlet_file_read) > set ACTION < action-name >
msf auxiliary(coldfusion_pms_servlet_file_read) > show options
    ...show and set options...
msf auxiliary(coldfusion_pms_servlet_file_read) > run

Exploit for CVE-2024-20767 affecting Adobe ColdFusion

CVE-2024-20767-Adobe-ColdFusion Adobe ColdFusion is a rapid development platform for building and deploying web and mobile applications CVE-2024-20767 - ColdFusion versions 20236, 202112 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read An attacker could leverage this vulnerability to bypass security measures

Exploit for CVE-2024-20767 - Adobe ColdFusion Server

CVE-2024-20767 Exploit for CVE-2024-20767 - Adobe ColdFusion Server

CVE-2024-20767

Exploit Toolkit for Adobe ColdFusion CVE-2024-20767 Vulnerability

CVE-2024-20767 Exploit for Adobe ColdFusion 🛠️ This repository contains an exploit for Adobe ColdFusion, specifically targeting the CVE-2024-20767 vulnerability disclosed on March 12, 2024 This critical security issue allows for arbitrary file system read access due to Improper Access Control (CWE-284) Description 📝 The vulnerability has been assigned a critical sever

CWE-284 https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html https://nvd.nist.gov https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2024-0187.html

CVE-2024-20767

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Metasploit Modules

Github Repositories

References

Vulmon Search

About

Products

Connect