Security

USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw

USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend.

US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend.

Government experts are aware of the ongoing mass exploitation of the CVE-2021-26084 flaw and believe it could rapidly accelerate.

Threat actors started exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. At the time of this writing, experts only observed threat actors exploiting the issue to deliver cryptocurrency miners, but attackers could start exploiting them to deliver other malware, including ransomware.

Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product.

The flaw is an OGNL injection issue that can be exploited by an authenticated attacker to execute arbitrary code on affected Confluence Server and Data Center instances.

“An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. ” reads the advisory published by the company.

The issue was discovered by Benny Jacob (SnowyOwl) through the Atlassian public bug bounty program, the vulnerability received a CVSS score of 9.8.

Affected versions are:

  • version < 6.13.23
  • 6.14.0 ≤ version < 7.4.11
  • 7.5.0 ≤ version < 7.11.5
  • 7.12.0 ≤ version < 7.12.5

Researchers from Threat intelligence firm Bad Packets detected mass scanning and exploit activity targeting Atlassian Confluence servers vulnerable to the above RCE.

CISA also published a security advisory to urge admins to apply the Confluence security updates released on August 25, 2021by Atlassian.

“On August 25, 2021, Atlassian released security updates to address a remote code execution vulnerability (CVE-2021-26084) affecting Confluence Server and Data Center. Recently, CVE-2021-26084 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system.” reads the CISA’s alert. “CISA urges users and administrators to review Atlassian Security Advisory 2021-08-25 and immediately apply the necessary updates.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

The Blackbasta extortion group claims to have hacked Atlas, one of the largest national distributors…

6 hours ago

Experts warn of a flaw in Fluent Bit utility that is used by major cloud platforms and firms

A vulnerability in the Fluent Bit Utility, which is used by major cloud providers, can…

10 hours ago

Experts released PoC exploit code for RCE in QNAP QTS

Experts warn of fifteen vulnerabilities in the QNAP QTS, the operating system for the Taiwanese…

12 hours ago

GitCaught campaign relies on Github and Filezilla to deliver multiple malware

Researchers discovered a sophisticated cybercriminal campaign by Russian-speaking threat actors that used GitHub to distribute…

1 day ago

Two students uncovered a flaw that allows to use laundry machines for free

Two students discovered a security flaw in over a million internet-connected laundry machines that could…

1 day ago

Grandoreiro Banking Trojan is back and targets banks worldwide

A new Grandoreiro banking trojan campaign has been ongoing since March 2024, following the disruption by…

2 days ago

This website uses cookies.