ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204)
Description
Adobe ColdFusion contains a critical insecure deserialization vulnerability in its WDDX (Web Distributed Data eXchange) parser. This flaw allows unauthenticated remote attackers to send maliciously crafted serialized WDDX data that, when processed by the server, executes arbitrary code with the privileges of the ColdFusion application. The vulnerability affects multiple ColdFusion versions and requires no user interaction or authentication to exploit.
Remediation
Take the following immediate actions to remediate this vulnerability:
1. Apply Security Patches: Upgrade Adobe ColdFusion to the latest patched version as specified in Adobe Security Bulletin APSB23-47. Refer to the official Adobe security advisory for version-specific patch information.
2. Verify Patch Installation: After upgrading, confirm the patch was successfully applied by checking the ColdFusion version in the administrator console.
3. Restrict Network Access: If immediate patching is not possible, implement network-level controls to restrict access to ColdFusion endpoints, particularly those processing WDDX data, to trusted IP addresses only.
4. Monitor for Exploitation: Review server logs for suspicious WDDX deserialization attempts or unexpected DNS queries that may indicate exploitation attempts or successful compromise.
5. Conduct Security Assessment: If the system was vulnerable prior to patching, perform a thorough security assessment to identify any indicators of compromise.