A Security Firm Developed a Working Exploit For Adobe's Magento Tool

As Adobe urges site admins to patch a recently discovered bug in it’s tools, a private security company has now come up with a working exploit against the concerned vulnerability!

They claim the exploit can let an attacker gain admin privileges on-target site, and execute any malicious code remotely. This can happen even if there’s a web firewall set, as there are multiple ways to breach. Adobe released a patch to secure this vulnerability.

Critical Vulnerability in Adobe Tools

Adobe’s Commerce and Magento Open Source tools by eCommerce websites are said to have a vulnerability, tracked as CVE-2022-24086. Since its discovery earlier this month, many security firms and even the government agencies are warning site admins to patch it immediately, as it’s critical.

As per Adobe, this bug can let a threat actor gain admin privileges and execute any malicious code in the target site, remotely and without any authentication. The OEM has released an out-of-band update last Sunday to fix it, but it’s still the responsibility of the end-users – site admins using these tools to apply it.

There’s even a related vulnerability, tracked as CVE-2022-24087 discovered soon after its predecessor with the same damages. And now, Positive Technologies, a security firm came up with a working exploit for the CVE-2022-24086 vulnerability.

While they claimed to have no interest in sharing it with the public or among the security industry, they warn site admins regarding the risk it poses.

Researchers said applying a web application firewall too can’t help since there are multiple ways for exploiting this vulnerability. Used mainly by the web skimmers who target online stores for payment card data, there are over 17,000 websites using Adobe’s vulnerability tools, with some of them being major businesses, say researchers.

Other Trending News:-  News

LEAVE A REPLY

Please enter your comment!
Please enter your name here