CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

Category: Details

Threat Actors: Not explicitly mentioned.

Campaign Overview: Exploits the “CosmicSting” vulnerability (CVE-2024-34102) in Adobe Commerce and Magento, targeting e-commerce platforms globally.

Target Regions: Global (affects over 140,000 Magento instances worldwide).

Methodology: Exploits an unauthenticated XML External Entity (XXE) vulnerability via REST API endpoints, enabling sensitive file access and potential remote code execution (RCE).

Product Targeted: Adobe Commerce and Magento Open Source versions before 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9.

Malware Reference: Potential injection of malicious “eskimmer” JavaScript to scrape form data and exfiltrate it to attacker-controlled domains.

Tools Used: Proof-of-concept exploits, Snort IDS/IPS, Splunk queries, Tetragon eBPF observability agent, synthetic transaction monitoring tools.

Vulnerabilities: CVE-2024-34102 (CVSS 9.8), an XXE vulnerability triggered via nested deserialization and unsafe XML entity handling.

TTPs:
– Crafting malicious JSON payloads
– Exploiting REST API endpoints
– Chaining with other issues for RCE
– Exfiltration of sensitive files (e.g., /etc/passwd)

Attribution: No explicit attribution mentioned.

Recommendations:
– Apply the latest patches.
– Implement WAF rules.
– Use network segmentation.
– Conduct security audits.
– Monitor logs.
– Enforce least privilege.

Source: Splunk

Read full article: https://www.splunk.com/en_us/blog/security/cosmicsting-a-critical-xxe-vulnerability-in-adobe-commerce-and-magento.html

Disclaimer: The above summary has been generated by an AI language model