5l1v3r1/CVE-2024-20767e

Exploit for CVE-2024-20767 - Adobe ColdFusion

CVE-2024-20767

CVE-2024-20767 - Arbitrary file system read using an Improper Access Control vulnerability in Adobe ColdFusion

• Please refer to ma4ter blogpost for more information: Adobe ColdFusion任意文件读取漏洞CVE-2024-20767分析

Products and Versions affected:

Product	Affected Versions
ColdFusion 2023	Update 6 and earlier versions
ColdFusion 2021	Update 12 and earlier versions

• CVSS: 8.2
• Actively Exploited: NO
• Patch: YES
• Mitigation: NO

Lab

You can deploy a ColdFusion server with a Free Trial from Adobe:

• Download ColdFusion

Help

usage: CVE-2024-20767.py [-h] -t TARGET [-p PORT] -c COMMAND

options:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Target Adobe ColdFusion Server URL
  -p PORT, --port PORT  Target Adobe ColdFusion Server Port, by default we use the 8500 Port
  -c COMMAND, --command COMMAND
                        Path to read file

Example:

python CVE-2024-20767.py -t http://192.168.124.203 -p 8500 -c Windows/ServerStandardEval.xml

References

• Adobe ColdFusion任意文件读取漏洞CVE-2024-20767分析
• CVE-2024-20767: Critical Adobe ColdFusion Flaw Exposes Sensitive Files, PoC Published
• Security updates available for Adobe ColdFusion | APSB24-14