{"id":7380,"date":"2022-06-17T11:29:14","date_gmt":"2022-06-17T11:29:14","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7380"},"modified":"2023-04-05T12:32:54","modified_gmt":"2023-04-05T19:32:54","slug":"cve-2022-26134-a-new-rce-atlassian-bug-exploited-by-ransomware-gangs","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/cve-2022-26134-a-new-rce-atlassian-bug-exploited-by-ransomware-gangs\/","title":{"rendered":"CVE-2022-26134: A New RCE Atlassian Bug Exploited by Ransomware Gangs"},"content":{"rendered":"
\nDid you know AvosLocker ransomware is now targeting unpatched Atlassian Confluence Server and Data Center instances?<\/p>\n<\/blockquote>\n
Atlassian Confluence is a workspace used for documentation, decisions, project collaboration, and Jira integrations. A zero-day flaw was recently detected in Confluence Server and Data Center products that an attacker can exploit remotely. A threat actor can exploit this zero-day to execute arbitrary code and deploy webshells to extract data. This web-based vulnerability has to be patched immediately, because the system has limited logging and monitoring capabilities, which makes exploitation quite difficult to detect.<\/p>\n
\nOur Cyber Threat Intelligence captured CVE-2022-26134 in Deep Dark Web discussions, indicating hackers are on the lookout for this vulnerability. In addition, this CVE was first spotted in hacker chatter on June 03, 2022, and has a high probability of exploitation.<\/strong><\/p>\n<\/blockquote>\n
CVE-2022-26134 Details<\/h2>\n
The Atlassian zero-day vulnerability that has been exploited in the wild is tracked as CVE-2022-26134. This is a critical, unauthenticated remote code execution vulnerability that affects all Atlassian Confluence and Data Center 2016 servers after version 1.3.0.<\/p>\n
\n
- \n
Volexity found this bug while performing incident response over the weekend and reported it in the last week of May.<\/p>\n<\/li>\n
- \n
The CVSS v3 score of this vulnerability ranges from 9 to 10.<\/p>\n<\/li>\n
- \n
A proof-of-concept exploit for this flaw was publicly released.<\/p>\n<\/li>\n
- \n
According to a tweet by Shadowserver, approximately 4000 instances of Atlassian Confluence were available worldwide for exploitation of and testing for CVE-2022-26134.<\/p>\n<\/li>\n
- \n
A total of 23 IP addresses have exploited the Atlassian vulnerabilities.<\/p>\n<\/li>\n
- \n
Popular scanners such as Nessus and Tenable were able to detect this vulnerability.<\/p>\n<\/li>\n<\/ul>\n