CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score: 7.8 High (Confidence: Low)

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.963 High (Percentile: 99.4%)
The Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability for the Joomla! Content Management System (CMS) to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by January 29, 2024 in order to protect their devices against active threats.
Joomla! is an open-source CMS that has been around since 2005 and has been one of the most popular CMS platforms by market share for much of that time. Many companies, from small outfits to large enterprises, use a CMS in some form to manage their websites. There are lots of advantages to using a popular CMS, but if you do, you need to keep up with its updates.
Take, for example, the vulnerability that has just been added to the CISA catalog: CVE-2023-23752 was reported, and a fix was released, in February 2023. Yet here we are, with active exploitation upon us.
The vulnerability allows a successful attacker to access an application programming interface (API) through which they can obtain Joomla!-related configuration information. The attacker has to construct specially crafted requests, which can eventually lead to the disclosure of sensitive information.
The vulnerability is the result of an improper access check that allows unauthorized access to web service endpoints in Joomla! versions 4.0.0 through 4.2.7.
If the database is exposed publicly, the attacker can change the Joomla! Super User's password. After that, the attacker can log in to the administrative web interface and modify a Joomla! template to include a web shell, or install a malicious plugin, giving themselves the ability to execute code remotely.
But even if the database is not exposed publicly, exploitation can be used to obtain the Joomla! user database (usernames, emails, assigned groups). This could open up options for credential stuffing. Credential stuffing is a type of password attack that exploits password reuse: username and password combinations found on one service are used to log in to other, unrelated services.
Users are advised to upgrade their CMS to version 4.2.8 or later. The latest version (5.0.1 at the moment of writing) and upgrade packages can be downloaded here.
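Two defender-side checks for the issue described above, added here as an example and not code from the ThreatDown post or the Joomla! project: a version test against the affected range (4.0.0 through 4.2.7, fixed in 4.2.8) and a scan of web server access logs for successful, unauthenticated requests to the config and user resources of the Joomla! 4 web services API. It assumes the API is served under its default /api/index.php/v1/ prefix and that the log format was extended with an auth= field recording whether an Authorization header was present; the log lines are constructed samples.

```python
import re

# Affected range from the advisory: Joomla! 4.0.0 through 4.2.7, fixed in 4.2.8.
AFFECTED_MIN, AFFECTED_MAX = (4, 0, 0), (4, 2, 7)
# Assumption: the Joomla! 4 web services API lives at its default prefix.
API_PREFIX = "/api/index.php/v1/"
# API resources that should never answer an unauthenticated request.
SENSITIVE_RESOURCES = {"config", "users"}

def is_affected(version: str) -> bool:
    """True if a Joomla! version string (major.minor.patch) is in the affected range."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return AFFECTED_MIN <= parts <= AFFECTED_MAX

# Combined-style access log with an assumed extra "auth=" field ('-' means no
# Authorization header was sent). These lines are constructed, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Feb/2024:10:01:12 +0000] "GET /api/index.php/v1/config/application HTTP/1.1" 200 1842 "-" "curl/8.4.0" auth=-
203.0.113.7 - - [12/Feb/2024:10:01:13 +0000] "GET /api/index.php/v1/users HTTP/1.1" 200 5210 "-" "curl/8.4.0" auth=-
198.51.100.4 - - [12/Feb/2024:10:05:40 +0000] "GET /api/index.php/v1/content/articles HTTP/1.1" 200 9120 "-" "Mozilla/5.0" auth=Bearer
198.51.100.9 - - [12/Feb/2024:10:07:02 +0000] "GET /api/index.php/v1/config/application HTTP/1.1" 401 120 "-" "python-requests/2.31" auth=-
192.0.2.5 - - [12/Feb/2024:10:08:15 +0000] "GET /index.php/component/users/ HTTP/1.1" 200 4321 "-" "Mozilla/5.0" auth=-
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" auth=(?P<auth>\S+)$'
)

def find_unauthenticated_api_hits(log_text: str) -> list[dict]:
    """Return entries where a sensitive API resource returned 200 with no credentials."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines in another format rather than crash
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if not path.startswith(API_PREFIX):
            continue
        resource = path[len(API_PREFIX):].split("/", 1)[0]
        if resource in SENSITIVE_RESOURCES and m.group("status") == "200" and m.group("auth") == "-":
            hits.append({"ip": m.group("ip"), "time": m.group("ts"), "resource": resource})
    return hits

if __name__ == "__main__":
    for v in ("4.2.7", "4.2.8"):
        print(v, "affected" if is_affected(v) else "not affected")
    for hit in find_unauthenticated_api_hits(SAMPLE_LOG):
        print("ALERT", hit)
```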
There are a few obvious and easy-to-remember rules to keep in mind if you want to use a CMS without compromising your security. They are as follows:
If your CMS is hosted on your own servers, be aware of the dangers that this setup brings and keep it separated from other parts of your network.
We don't just report on vulnerabilities, we identify them and prioritize action.
Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.