ACSC: Australian organizations compromised through ForgeRock vulnerability
Australia's main cyber-security agency said on Friday that it identified a number of Australian organizations that have been compromised through the exploitation of a vulnerability in ForgeRock OpenAM, an open-source application used by large corporations as an identity access management solution across internal applications.
The vulnerability, tracked as CVE-2021-35464, was discovered and disclosed on June 29, last month, by Michael Stepankin, a security researcher at PortSwigger.
Described as a pre-authentication remote code execution, or a pre-auth RCE, this bug can be exploited to run malicious code OpenAM or ForgeRock Access Management platforms without needing to provide valid credentials before launching an attack.
Ten days after Sepankin disclosed the bug, it appears that the details provided in his write-up were enough for threat actors to put together a working exploit.
In a security alert published last Friday, the Australian Cyber-Security Center (ACSC) said it received reports of this vulnerability being used to compromise Australian organizations.
"The ACSC has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools," the agency said.
The ACSC has advised companies that use the platform inside their networks to apply patches released by ForgeRock on June 29.
- Vulnerable versions: ForgeRock OpenAM 6.x branches.
- Fixed version: ForgeRock OpenAM 7.x branch.
The US Cybersecurity and Infrastructure Security Agency has echoed the ACSC's alert earlier today, encouraging companies to deploy patches as soon as possible.
Forge ahead with applying a critical ForgeRock Access Management patch to protect against a pre-auth #RCE vulnerability (CVE-2021-35464) being exploited in the wild. https://t.co/REBRnSx4TC. #Cybersecurity #InfoSec
— CISA Cyber (@CISACyber) July 12, 2021
The ForgeRock zero-day marks the second actively exploited bug disclosed last Friday after Microsoft found a similar vulnerability being exploited in SolarWinds Serv-U systems.
Catalin Cimpanu
is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.