Last updated at Tue, 28 Mar 2023 19:42:46 GMT

Emergent threats evolve quickly, and as we learn more about this vulnerability, this blog post will evolve.

On January 26, 2023, IBM published an advisory for multiple security issues affecting its Aspera Faspex software. The most critical of these was CVE-2022-47986, which is a pre-authentication YAML deserialization vulnerability in Ruby on Rails code. The vulnerability carries a CVSS score of 9.8.

Vulnerability details and working proof-of-concept code have been available since February, and there have been multiple reports of exploitation since then, including the vulnerability’s use in the IceFire ransomware campaign. Rapid7 vulnerability researchers published a full analysis of CVE-2022-47986 in AttackerKB in February 2023.

Rapid7 is aware of at least one recent incident where a customer was compromised via CVE-2022-47986. In light of active exploitation and the fact that Aspera Faspex is typically installed on the network perimeter, we strongly recommend patching on an emergency basis, without waiting for a typical patch cycle to occur.

According to IBM, affected products include Aspera Faspex 4.4.2 Patch Level 1 and below. CVE-2022-47986 is remediated in 4.4.2 Patch Level 2.

Log files can be found in the folder /opt/aspera/faspex/log by default. Entries with PackageRelayController#relay_package should be considered suspicious. See AttackerKB for additional in-depth technical analysis.
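One way to run that log review across every file in the folder, including gzip-rotated logs, is sketched below. This is an added example, not Rapid7's or IBM's code: it assumes the logs are text (optionally `.gz`), the sample lines in `demo()` are constructed in a Rails-style format rather than taken from a real Faspex server, and a hit is a lead for investigation rather than proof of compromise.

```python
import gzip
import os
import tempfile

MARKER = "PackageRelayController#relay_package"  # string the page flags
DEFAULT_LOG_DIR = "/opt/aspera/faspex/log"  # default folder per the page


def _open_log(path):
    """Open plain or gzip-rotated logs as text, tolerating bad bytes."""
    if path.endswith(".gz"):
        return gzip.open(path, "rt", encoding="utf-8", errors="replace")
    return open(path, "r", encoding="utf-8", errors="replace")


def find_relay_package_hits(log_dir=DEFAULT_LOG_DIR):
    """Return (path, line_number, line) for each line containing MARKER."""
    hits = []
    for root, _dirs, files in os.walk(log_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            try:
                with _open_log(path) as handle:
                    for number, line in enumerate(handle, start=1):
                        if MARKER in line:
                            hits.append((path, number, line.rstrip("\n")))
            except (OSError, EOFError) as exc:
                print(f"skipped {path}: {exc}")  # unreadable or corrupt
    return hits


def demo():
    """Scan constructed sample logs (not real Faspex output)."""
    sample = (
        "Processing by SessionsController#new as HTML\n"  # constructed
        "Processing by PackageRelayController#relay_package as JSON\n"
        "Completed 200 OK in 12ms\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "sample.log"), "w") as fh:
            fh.write(sample)
        with gzip.open(os.path.join(tmp, "sample.log.1.gz"), "wt") as fh:
            fh.write(sample)
        return [(os.path.basename(p), n) for p, n, _ in find_relay_package_hits(tmp)]


if __name__ == "__main__":
    for path, number, line in find_relay_package_hits():
        print(f"{path}:{number}: {line}")
```

Run it on the Faspex host with read access to the log folder; the surrounding lines of each hit give the timestamp and source needed to scope an investigation.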

Rapid7 customers

InsightVM and Nexpose customers can assess their exposure to CVE-2022-47986 with an authenticated vulnerability check available as of the February 17, 2023 content release. A remote vulnerability check was released on February 27, 2023. Accuracy improvements to both checks were released March 28, 2023.