Attackers are actively exploiting a critical zero-day vulnerability in Adobe Commerce and Magento Open Source products

Severity: Critical

INTRODUCTION

Adobe has addressed critical Magento Zero-Day Vulnerability (CVE-2022-24086) that is under active exploitation by threat actors. The security flaw impacts Adobe Commerce and Magento Open Source products. Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code and may result in the complete compromise of a vulnerable system.

The vulnerability exists due to improper input validation. A remote attacker with administrative privileges can send a specially crafted request to the application and execute arbitrary code on the target system.

The threat actors are actively attempting to exploit the vulnerability in their
ongoing attacks targeting Adobe Commerce merchants. Recently hackers used Magecart credit card skimmer to steal sensitive payment information and compromised 500+ sites running vulnerable Magento sites. Attackers used a combination of an SQL injection and PHP Object Injection attack to load the skimmer, gain control of the online sites running Magento and exfiltrate payment information.

BUSINESS IMPACT

Successful exploitation of this vulnerability allows a remote
attacker to execute arbitrary code, steal sensitive payment information
and completely compromise a vulnerable system.

RECOMMENDATIONS

  1. Ensure to update Adobe Commerce and Magento Open Source products to the latest security patches. (Patch installation instructions – Click Here)
  2. Kindly block the threat indicators at their respective controls.

AFFECTED PRODUCTS

  1. Adobe Commerce 2.4.3-p1 and earlier versions, 2.3.7-p2 and earlier
    versions  
  2. Magento Open Source 2.4.3-p1 and earlier versions, 2.3.7-p2 and earlier
    versions
  3. Adobe Commerce 2.3.3 and lower are not affected.

IP’s

132[.]255[.]135[.]230144[.]168[.]221[.]92191[.]102[.]163[.]208193[.]32[.]8[.]33209[.]127[.]109[.]87209[.]127[.]175[.]113
132[.]255[.]135[.]51186[.]179[.]14[.]102191[.]102[.]163[.]7193[.]32[.]8[.]63209[.]127[.]110[.]144209[.]127[.]97[.]6
138[.]36[.]92[.]216186[.]179[.]14[.]134191[.]102[.]163[.]74193[.]32[.]8[.]76209[.]127[.]110[.]177209[.]127[.]98[.]244
138[.]36[.]92[.]253186[.]179[.]14[.]179191[.]102[.]170[.]173193[.]8[.]238[.]91209[.]127[.]111[.]68209[.]127[.]98[.]81
138[.]36[.]93[.]206186[.]179[.]14[.]204191[.]102[.]170[.]81195[.]123[.]246[.]212209[.]127[.]111[.]99209[.]127[.]98[.]91
138[.]36[.]94[.]2186[.]179[.]14[.]44191[.]102[.]174[.]128198[.]245[.]77[.]132209[.]127[.]116[.]101209[.]127[.]99[.]16
138[.]36[.]94[.]224186[.]179[.]14[.]76191[.]102[.]174[.]211198[.]245[.]77[.]217209[.]127[.]116[.]167209[.]127[.]99[.]205
138[.]36[.]94[.]241186[.]179[.]14[.]97191[.]102[.]174[.]239198[.]245[.]77[.]253209[.]127[.]116[.]231217[.]170[.]207[.]111
138[.]36[.]94[.]59186[.]179[.]39[.]183191[.]102[.]174[.]247206[.]127[.]242[.]99209[.]127[.]117[.]21423[.]106[.]125[.]64
138[.]94[.]216[.]131186[.]179[.]39[.]226191[.]102[.]174[.]52209[.]127[.]104[.]174209[.]127[.]117[.]4945[.]72[.]112[.]143
138[.]94[.]216[.]172186[.]179[.]39[.]35191[.]102[.]179[.]22209[.]127[.]105[.]225209[.]127[.]118[.]13645[.]72[.]18[.]133
138[.]94[.]216[.]186186[.]179[.]39[.]7191[.]102[.]179[.]31209[.]127[.]105[.]73209[.]127[.]118[.]9645[.]72[.]18[.]234
138[.]94[.]216[.]230186[.]179[.]39[.]74191[.]102[.]179[.]62209[.]127[.]106[.]211209[.]127[.]172[.]1545[.]72[.]18[.]236
141[.]193[.]20[.]147186[.]179[.]47[.]205192[.]198[.]123[.]164209[.]127[.]106[.]44209[.]127[.]172[.]6045[.]72[.]31[.]112
144[.]168[.]218[.]117186[.]179[.]47[.]39192[.]198[.]123[.]225209[.]127[.]107[.]141209[.]127[.]172[.]9945[.]72[.]85[.]178
144[.]168[.]218[.]136191[.]102[.]149[.]106192[.]198[.]123[.]226209[.]127[.]107[.]169209[.]127[.]173[.]1345[.]72[.]86[.]142
144[.]168[.]218[.]249191[.]102[.]149[.]197192[.]198[.]123[.]43209[.]127[.]107[.]187209[.]127[.]173[.]15445[.]72[.]86[.]201
144[.]168[.]218[.]70191[.]102[.]149[.]253192[.]241[.]67[.]128209[.]127[.]109[.]138209[.]127[.]173[.]21545[.]72[.]86[.]201
144[.]168[.]218[.]94191[.]102[.]163[.]202193[.]32[.]8[.]1209[.]127[.]109[.]225209[.]127[.]174[.]177

DOMAINS

ajaxtracker[.]comg-analytics[.]comgooglnalytics[.]comjson-jquery[.]icu
amazon-sert[.]comgoogle-analytisc[.]comipmarketing[.]bizmagento-analytics[.]com
bootstrap-js[.]comgoogleanalytics[.]icujqueri-web[.]atpaypal-assist[.]com
cdn-clouds[.]comgoogleplus[.]namejquery-js[.]linktagmanaqer[.]com
cdn-jquery[.]bizgoogletagmanagar[.]comjquerys[.]gatopcc[.]su
webadstracker[.]com

REFERENCES

1. Critical Magento 0-Day Vulnerability Under Active Exploitation — Patch
Released

2. NaturalFreshMall: a mass store hack
3. RiskIQ: Magecart C2 Domains Active in January 2022
4. Threat actors compromised +500 Magento-based e-stores with e-skimmers

Author


Related Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *