As Adobe urges site admins to patch a recently discovered bug in its tools, a private security company has now come up with a working exploit for that vulnerability!
They claim the exploit can let an attacker gain admin privileges on the target site and execute any malicious code remotely. This can happen even if a web firewall is in place, as there are multiple ways to exploit the bug. Adobe has released a patch for this vulnerability.
Critical Vulnerability in Adobe Tools
Adobe’s Commerce and Magento Open Source tools, used by eCommerce websites, are said to have a vulnerability, tracked as CVE-2022-24086. Since its discovery earlier this month, many security firms and even government agencies have been warning site admins to patch it immediately, as it’s critical.
🔥 We have reproduced the fresh CVE-2022-24086 Improper Input Validation vulnerability in Magento Open Source and Adobe Commerce.
Successful exploitation could lead to RCE from an unauthenticated user. pic.twitter.com/QFXd7M9VVO
— PT SWARM (@ptswarm) February 17, 2022
As per Adobe, this bug can let a threat actor gain admin privileges and execute any malicious code on the target site, remotely and without any authentication. The OEM released an out-of-band update last Sunday to fix it, but it’s still the responsibility of the end-users (the site admins using these tools) to apply it.
There’s even a related vulnerability, tracked as CVE-2022-24087, discovered soon after its predecessor and carrying the same impact. And now Positive Technologies, a security firm, has come up with a working exploit for the CVE-2022-24086 vulnerability.
While they said they have no interest in sharing it with the public or within the security industry, they warn site admins about the risk it poses.
Researchers said that applying a web application firewall can’t help either, since there are multiple ways of exploiting this vulnerability. Such flaws are used mainly by web skimmers, who target online stores for payment card data. There are over 17,000 websites using Adobe’s vulnerable tools, some of them major businesses, say researchers.