Detecting Adobe ColdFusion CVE-2023-26360, Atlassian Confluence CVE-2023-22515, and Citrix Netscaler CVE-2023-4966 with OWASP Nettacker (v0.3.2)

Sam Stepanyan
Nov 18, 2023


On October 31st, 2023, the OWASP Nettacker project team released version 0.3.2 with new modules to scan networks for critical vulnerabilities. The new modules cover Adobe ColdFusion CVE-2023-26360, Atlassian Confluence CVE-2023-22515, and Citrix Netscaler CVE-2023-4966.

OWASP Nettacker is open-source software written in Python that helps you perform tasks such as automated penetration testing and automated information gathering. It can run various scans using a variety of methods and generate scan reports (in HTML/TXT/JSON/CSV format) for applications and networks, including discovering open ports, services, bugs, vulnerabilities, misconfigurations, default credentials, subdomains, etc.

OWASP Nettacker can be run as a command-line utility (including as a Docker container), as an API, in Web GUI mode, or as Maltego transforms. It is written in 100% Python and does not rely on launching any external tools.

The new Nettacker modules added in version 0.3.2 are designed to scan networks for the following critical vulnerabilities:

Adobe ColdFusion CVE-2023-26360 is a deserialization of untrusted data vulnerability that could result in arbitrary code execution in the context of the current user.

Atlassian Confluence CVE-2023-22515 is a privilege escalation vulnerability in Confluence Data Center and Server products.

Citrix Netscaler CVE-2023-4966 (aka “CitrixBleed”) is a critical buffer overflow vulnerability that allows for sensitive information disclosure (e.g. session cookies) when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

OWASP Nettacker can also help you find instances of critically vulnerable MOVEit Transfer and Citrix CVE-2023-24488 in your network.

MOVEit Transfer, a widely-used file transfer software, has been affected by multiple critical vulnerabilities in 2023. These vulnerabilities have led to significant security breaches, affecting numerous organisations and individuals.

MOVEit Transfer vulnerabilities were exploited by multiple threat actors to gain unauthorized access to MOVEit servers, upload web shells, exfiltrate data, and initiate intrusion lifecycles. High-profile government, finance, media, aviation, and healthcare organisations were reportedly affected.

The fallout from these vulnerabilities has been significant, with the costs tied to the MOVEit file transfer hack continuing to climb. The situation has led to multiple lawsuits against Progress Software, the owner of MOVEit, claiming that poor security led to the vulnerabilities.

It’s important to note that the full scale of the MOVEit attack is still unknown, and more victims may come forward in the future. This series of incidents underscores the importance of robust cybersecurity measures and timely patching of software vulnerabilities.

Example — scanning for MOVEit Transfer vulnerable versions with Nettacker:
python3 nettacker.py -l target_list.txt -m moveit_version_scan
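To show what a version scan of this kind does under the hood, here is an added example (not OWASP Nettacker's own code): it pulls a product version out of a captured banner, looks up the release branch in a fixed-version table, and classifies each host as vulnerable, patched, or unknown. The fixed-version table and the sample banners are constructed placeholders for illustration; the real minimum patched builds must be taken from the vendor advisory. Note that an unknown branch or a banner without a version is reported explicitly rather than silently treated as safe.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed placeholder table (NOT the real advisory values): maps a release
# branch (major, minor) to the first build on that branch that carries the fix.
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (2021, 0): (2021, 0, 9),
    (2021, 1): (2021, 1, 7),
    (2022, 0): (2022, 0, 8),
    (2022, 1): (2022, 1, 9),
    (2023, 0): (2023, 0, 4),
}

# Year-style "YYYY.minor.patch" version token; a trailing build number is ignored.
VERSION_RE = re.compile(r"\b(\d{4})\.(\d+)\.(\d+)\b")


def parse_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Return the first (major, minor, patch) tuple found in a banner, or None."""
    match = VERSION_RE.search(banner)
    if not match:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def classify(version: Tuple[int, int, int]) -> str:
    """'vulnerable' if below the fixed build for its branch, 'patched' if at or
    above it, 'unknown' if the branch is not in the table (needs manual review)."""
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        return "unknown"
    # Tuple comparison orders (major, minor, patch) lexicographically.
    return "vulnerable" if version < fixed else "patched"


def assess_hosts(banners: Dict[str, str]) -> List[dict]:
    """Turn {host: banner} into a list of findings, one per host."""
    findings = []
    for host, banner in banners.items():
        version = parse_version(banner)
        if version is None:
            findings.append({"host": host, "version": None, "status": "no_version"})
            continue
        findings.append({
            "host": host,
            "version": ".".join(str(part) for part in version),
            "status": classify(version),
        })
    return findings


# Constructed sample banners, as a scanner might record them per host.
SAMPLE_BANNERS = {
    "10.0.0.11": "MOVEit Transfer 2023.0.1",
    "10.0.0.12": "MOVEit Transfer 2023.0.4",
    "10.0.0.13": "MOVEit Transfer 2019.2.3",
    "10.0.0.14": "Server: nginx",
}

if __name__ == "__main__":
    for finding in assess_hosts(SAMPLE_BANNERS):
        print(finding)
```

The "unknown" and "no_version" outcomes are the ones to act on manually: a branch missing from the table is usually an end-of-life release rather than a safe one, and a host with no version string should be checked by another method before it is excluded from the patch list.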

OWASP Nettacker, as an open-source project, promotes responsible and ethical use of its tools and modules. Security professionals utilising Nettacker should always ensure they have proper authorisation and follow applicable laws, regulations, and ethical guidelines when performing any form of security scanning/testing.

Follow me on Twitter: https://twitter.com/securestep9


Written by Sam Stepanyan

Application Security Consultant, OWASP London Chapter Leader, OWASP Board Member, Cyber Security Blogger & Speaker