The PoC code for Apache Struts 2 is already online: a sharp spike in malicious activity was not long in coming

Even Cisco is on alert and has announced a review of its products that use the vulnerable framework.

Earlier this week, we talked about the vulnerability CVE-2023-50164, recently discovered in the Apache Struts 2 web framework. Although the developers promptly released a fix, this has not done much to deter the spread of the attack.

Yesterday, researchers from Shadowserver reported that they had begun recording a growing number of attempts to exploit CVE-2023-50164 using PoC code that had been made public a day earlier.

The vulnerability affects versions of Apache Struts from 2.0.0 to 2.5.32 and from 6.0.0 to 6.3.0.1. Apache representatives strongly recommend that web developers using this framework upgrade to the latest versions in which this security flaw has already been fixed.

Otherwise, successful exploitation of the vulnerability will inevitably lead to unauthorized access to web servers, manipulation or theft of confidential data, disruption of critical services, and lateral movement in compromised networks.

Meanwhile, Cisco has issued a security bulletin stating that it is investigating CVE-2023-50164 to determine which of its products that include Apache Struts may be affected by this flaw and what the consequences may be.

The full list of potentially vulnerable Cisco products is available in the published bulletin and is expected to be updated with up-to-date information as it becomes available.
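The affected version ranges quoted above can be checked against an inventory of deployed applications. The following Python script is an added example, not part of the original post and not an Apache or Cisco tool: it looks under a directory for `struts2-core-<version>.jar` files, loose or packed inside WAR/EAR archives, and flags versions inside those ranges. The jar naming pattern, the function names and the sample files built in `demo()` are assumptions made for illustration.

```python
import io, re, sys, tempfile, zipfile
from pathlib import Path

# Affected ranges exactly as stated in the article (inclusive bounds).
AFFECTED = [((2, 0, 0, 0), (2, 5, 32, 0)), ((6, 0, 0, 0), (6, 3, 0, 1))]
# Assumption: the framework ships as struts2-core-<version>.jar (Maven artifact name).
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+){1,3})[^/\\]*\.jar$")

def is_affected(version):
    """Compare a dotted version, zero-padded to four parts, with the ranges."""
    parts = [int(p) for p in version.split(".")]
    v = tuple(parts + [0] * (4 - len(parts)))
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def jars_in_archive(data, label, depth=0):
    """Yield (location, version) for Struts jars in a WAR/EAR, nested ones too."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            m = JAR_RE.search(name)
            if m:
                yield f"{label}!{name}", m.group(1)
            elif name.lower().endswith((".war", ".ear")) and depth < 3:
                yield from jars_in_archive(zf.read(name), f"{label}!{name}", depth + 1)

def scan(root):
    """Return (location, version, affected) for every Struts core jar under root."""
    found = []
    for path in Path(root).rglob("*"):
        m = JAR_RE.search(path.name)
        if m:
            found.append((str(path), m.group(1)))
        elif path.suffix.lower() in (".war", ".ear"):
            try:
                found.extend(jars_in_archive(path.read_bytes(), str(path)))
            except (zipfile.BadZipFile, OSError):
                pass  # exploded WAR directory or unreadable archive; skip it
    return [(loc, ver, is_affected(ver)) for loc, ver in found]

def demo():
    """Scan a constructed sample tree: one loose jar, one jar inside a WAR."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "struts2-core-6.3.0.2.jar").write_bytes(b"")
        with zipfile.ZipFile(Path(tmp) / "shop.war", "w") as war:
            war.writestr("WEB-INF/lib/struts2-core-2.5.30.jar", b"")
        return sorted((ver, hit) for _, ver, hit in scan(tmp))

if __name__ == "__main__":
    for row in (scan(sys.argv[1]) if len(sys.argv) > 1 else demo()):
        print(*row)
```

Run it with an application server's deployment directory as the only argument. A filename match only identifies candidates; renamed, shaded or repackaged jars will not be found this way.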
 