U.S. Cyber Command warns that 'patches for critical Atlassian Confluence vulnerabilities should be applied now'



On Saturday, September 3, 2021, the Cyber National Operations Force (CNMF), which belongs to U.S. Cyber Command, warned about the serious Atlassian Confluence vulnerability 'CVE-2021-26084': 'The exploitation of the vulnerability is still ongoing. It's expected to accelerate in the future. If you haven't applied the fix yet, you should do it now. You can't wait for the beginning of the week.'



Atlassian Releases Security Updates for Confluence Server and Data Center | CISA
https://us-cert.cisa.gov/ncas/current-activity/2021/09/03/atlassian-releases-security-updates-confluence-server-and-data


US govt warns orgs to patch massively exploited Confluence bug
https://www.bleepingcomputer.com/news/security/us-govt-warns-orgs-to-patch-massively-exploited-confluence-bug/

CVE-2021-26084: Confluenza | Censys
https://censys.io/blog/cve-2021-26084-confluenza/?hss_channel=tw-3566263693


Confluence is a web-based team workspace designed for employees to collaborate on various projects within a company, provided by the Australian company Atlassian.

The vulnerability that CNMF is warning about, 'CVE-2021-26084', is the subject of a security advisory that Atlassian published in late August 2021. It is an OGNL (Object Graph Navigation Library) injection that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.

According to Bleeping Computer, an IT news site, evidence of intrusion from Brazil, China, Hong Kong, Nepal, Romania, Russia, and the United States has already been found on the server ...



Multiple cases of abuse of CVE-2021-26084 have been reported, such as the deployment of PowerShell and Linux shell scripts and the unauthorized installation of cryptocurrency mining programs on Confluence servers.



Atlassian released a security update on August 25, 2021, including a patch for CVE-2021-26084. However, Censys, the developer of IoT-specific search engines, reported on its official blog on August 31, 2021: 'Of the 14,701 services that Censys identified as Confluence servers, 13,596 ports and 12,876 individual IPv4 hosts have not applied the fix.'

Since then, as news about the Confluence vulnerability has spread, more servers have been patched, and as of September 5, 2021, the number of vulnerable Confluence instances has dropped to 8597, Censys reports.



U.S. Cyber Command is urging organizations to apply the patch distributed by Atlassian immediately.



The Cybersecurity and Infrastructure Security Agency (CISA), the cybersecurity agency of the US Department of Homeland Security, also said, 'It is possible for a remote attacker to exploit this vulnerability and take control of the affected system,' and called on Confluence users and administrators to review the security advisory and apply the required updates immediately.

in Security, Posted by log1i_yk