More than 3,000 instances of Openfire servers have not undergone patching to address a recent vulnerability, leaving them susceptible to potential attacks exploiting a newly discovered exploit, according to a report by VulnCheck, a firm specializing in vulnerability intelligence.
Openfire, developed by Ignite Realtime, functions as a cross-platform real-time collaboration server written in Java. Operating on the XMPP protocol, it allows web interface administration.
The vulnerability, identified as CVE-2023-32315, is classified as high-severity and pertains to Openfire’s administration console. It is characterized as a path traversal flaw within the setup environment, enabling unauthorized attackers to gain entry to restricted sections of the admin console.
The root of the problem stems from Openfire’s inadequate protection against specific non-standard URL encoding for UTF-16 characters. The webserver’s lack of support for these characters allowed the inclusion of the new encoding without an accompanying update to the protection measures.
All iterations of Openfire, starting from version 3.10.0 launched in April 2015 up to versions 4.7.5 and 4.6.8 issued in May 2023 for vulnerability remediation, are impacted by this flaw.
Exploitations of this vulnerability have been observed over a span of more than two months. Cyber threat actors have been establishing fresh user accounts in the admin console to introduce a new plugin. This plugin houses a remote web shell, affording the attackers the ability to execute arbitrary comma
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: