The researchers at Sansec have warned of a surge in hacking attempts on Magento 2 sites. A critical Magento 2 vulnerability tracked as CVE-2022-24086 enables unauthenticated attackers to execute code on unpatched Magento sites.
Magento, a popular open-source eCommerce platform by Adobe, is used by thousands of e-stores worldwide. Sansec researchers have alerted the merchants of a hacking campaign exploiting the CVE-2022-24086 Magento 2 vulnerability.
In February 2022, Adobe released security updates to address this flaw affecting Adobe Commerce and Magento open-source products; at the time, the company confirmed it was actively exploited.
“Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.” Adobe advisory was published.
The CVE-2022-24086 has received a CVSS score of 9.8 out of 10, and it is classified as a pre-authentication issue meaning it could be exploited without credentials.
The vulnerability affects the below versions of the Adobe products:
The Three Variants of Attack
Three attack variants are exploiting CVE-2022-24086 to inject a Remote Access Trojan (RAT) on vulnerable endpoints.
The first variant – initiates by creating a new customer account on the target platform through a malicious template code in the first and last names and placing an order later.
The injected code then decodes to command and downloads a Linux executable (“223sam.jpg”), launched in the background as a process. This RAT phones to a Bulgaria-based server to receive commands.
“This attack method defeats some of the security features of the Adobe Commerce Cloud platform, such as a read-only code base and restricted PHP execution under pub/media,” explains Sansec in the report.
“The RAT has full access to the database and the running PHP processes,… and can be injected on any of the nodes in a multi-server cluster environment.”
The second attack injects a PHP backdoor (“health_check.php”) through a template code in the VAT field of the placed order.
This code creates a new file (“pub/media/health_check.php”), accepting the commands via POST requests.
The third attack employs template code that executes to replace “generated/code/Magento/Framework/App/FrontController/Interceptor.php” with a malicious, backdoor version.
The Sansec team of researchers has urged Magento 2 site administrators to stick to the security guidelines on the Adobe Commerce and Magento open-source support page. As an Adobe Solutions partner, ioVista suggests you upgrade your Magento or Adobe Commerce to the latest version.
Albert Wood is a technology futurist, sales stimuli, motivator, and E-commerce specialist at ioVista. As a data-driven and digital marketing evangelist, Albert’s passion is transforming struggling e-commerce businesses into sales-generating powerhouses through the right combination of UX and digital marketing strategies.
Albert Wood
17 Feb 2023Albert Wood
01 Feb 2023Albert Wood
12 Jan 2023Albert Wood
05 Jan 2023Albert Wood
20 Dec 2022Albert Wood
15 Dec 2022Albert Wood
09 Dec 2022Albert Wood
07 Dec 2022Albert Wood
24 Nov 2022Albert Wood
17 Nov 2022Albert Wood
17 Nov 2022Albert Wood
04 Nov 2022Albert Wood
27 Oct 2022Albert Wood
20 Oct 2022Albert Wood
07 Oct 2022Albert Wood
27 Sep 2022Albert Wood
15 Sep 2022Albert Wood
10 Sep 2022Albert Wood
30 Aug 2022Albert Wood
25 Aug 2022Albert Wood
23 Aug 2022Albert Wood
17 Aug 2022Albert Wood
10 Aug 2022Albert Wood
02 Aug 2022Albert Wood
25 Jul 2022Albert Wood
19 Jul 2022Albert Wood
01 Jul 2022Albert Wood
24 Jun 2022Albert Wood
14 Jun 2022Albert Wood
11 May 2022Albert Wood
03 May 2022Albert Wood
29 Apr 2022Albert Wood
27 Apr 2022Albert Wood
21 Apr 2022Albert Wood
13 Apr 2022Albert Wood
01 Apr 2022Albert Wood
29 Mar 2022Albert Wood
01 Mar 2022Albert Wood
24 Feb 2022Albert Wood
15 Feb 2022Albert Wood
11 Feb 2022Albert Wood
04 Feb 2022Albert Wood
27 Jan 2022Albert Wood
13 Jan 2022Albert Wood
10 Jan 2022Albert Wood
17 Dec 2021Albert Wood
13 Dec 2021Albert Wood
30 Nov 2021Albert Wood
26 Oct 2021Albert Wood
20 Oct 2021Albert Wood
05 Oct 2021Albert Wood
30 Sep 2021Albert Wood
21 Sep 2021Albert Wood
17 Sep 2021Albert Wood
08 Sep 2021Albert Wood
11 Aug 2021Albert Wood
05 Aug 2021Albert Wood
29 Jul 2021Albert Wood
15 Jul 2021Albert Wood
16 Jun 2021Albert Wood
03 Jun 2021Albert Wood
06 May 2021Albert Wood
04 May 2021Albert Wood
15 Apr 2021Albert Wood
17 Mar 2021Albert Wood
18 Feb 2021Albert Wood
15 Feb 2021Albert Wood
28 Jan 2021Albert Wood
21 Jan 2021Albert Wood
26 Nov 2020Albert Wood
11 Nov 2020Albert Wood
24 Sep 2020Albert Wood
08 Sep 2020Albert Wood
01 Sep 2020Albert Wood
18 Aug 2020Albert Wood
13 Aug 2020Albert Wood
01 Aug 2020Albert Wood
29 Jul 2020Albert Wood
21 Jul 2020Albert Wood
14 Jul 2020Albert Wood
09 Jul 2020Albert Wood
29 Jun 2020Albert Wood
11 Jun 2020Albert Wood
02 Jun 2020Albert Wood
21 May 2020Albert Wood
11 May 2020Albert Wood
24 Apr 2020Albert Wood
14 Apr 2020Albert Wood
10 Apr 2020Albert Wood
06 Apr 2020Albert Wood
26 Mar 2020Albert Wood
24 Mar 2020Albert Wood
10 Mar 2020Get in touch with us if you have a web development or digital marketing project that you would like to get underway!
TOP
Get in Touch