Magento fixes 0-day vulnerability under attack

Over the weekend, Adobe released an emergency update to fix a 0-day vulnerability in Magento and Adobe Commerce. The company warned that hackers have already abused the problem.

0-day has been identified as CVE-2022-24086 (CVSS 9.8 out of 10) and it is a bug that allows remote arbitrary code execution without authentication. According to Adobe, the root of the problem was incorrect input validation.

The attacks began late last month when the company’s crawler found 374 infections in one day, all using the same malware. The domain where the attackers downloaded the malware from (naturalfreshmall[.]com) is currently offline.the Sansec researchers who discovered the vulnerability say.

All sites and resources running Adobe Commerce and Magento Open Source versions 2.4.3-p1 and 2.3.7-p2 and below are considered vulnerable, and their administrators are advised to upgrade as soon as possible. It emphasizes that sites running Adobe Commerce 2.3.3 and earlier are not affected by the vulnerability.

Magento fixed 0-day

It is noted that resource operators using Magento 2 (versions 2.3.3 to 2.3.7) can install the released patch manually, since this process requires changing only a few lines.

In a security bulletin, the company describes the attacks associated with this bug as “very limited” and related to Adobe Commerce, that is, the mass exploitation of the problem has not begun yet.

It is not yet clear how difficult it is to exploit CVE-2022-24086, but it appears to be a difficult process. Bleeping Computer quotes cybersecurity expert Willem de Groot, founder and managing director of Sansec, as saying that he has not yet seen the full chain of remote code execution attacks, indicating that “this is not a trivial exploit.”

If you are running Magento 2.3.3 or below, you are not directly affected by this vulnerability. However, Sansec still recommends installing this patch manually.Sansec says.

You might also be interested to know that IS experts discovered a connection between North Korean hackers and MageCart attacks.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button