ACSC: Australian organizations compromised through ForgeRock vulnerability
Australia’s main cyber-security agency said on Friday that it identified a number of Australian organizations that have been compromised through the exploitation of a vulnerability in ForgeRock OpenAM, an open-source application used by large corporations as an identity access management solution across internal applications.
Described as a pre-authentication remote code execution, or a pre-auth RCE, this bug can be exploited to run malicious code OpenAM or ForgeRock Access Management platforms without needing to provide valid credentials before launching an attack.
Ten days after Sepankin disclosed the bug, it appears that the details provided in his write-up were enough for threat actors to put together a working exploit.
In a security alert published last Friday, the Australian Cyber-Security Center (ACSC) said it received reports of this vulnerability being used to compromise Australian organizations.
“The ACSC has observed actors exploiting this vulnerability to compromise multiple hosts and deploy additional malware and tools,” the agency said.
The ACSC has advised companies that use the platform inside their networks to apply patches released by ForgeRock on June 29.
- Vulnerable versions: ForgeRock OpenAM 6.x branches.
- Fixed version: ForgeRock OpenAM 7.x branch.
The US Cybersecurity and Infrastructure Security Agency has echoed the ACSC’s alert earlier today, encouraging companies to deploy patches as soon as possible.
The ForgeRock zero-day marks the second actively exploited bug disclosed last Friday after Microsoft found a similar vulnerability being exploited in SolarWinds Serv-U systems.