Just before the Labor Day weekend in the United States, USCYBERCOM and the Cybersecurity and Infrastructure Security Agency (CISA) are issuing an alert, advising enterprises to fix a significant vulnerability (CVE-2021-26084) impacting Atlassian Confluence Server and Data Center.
USCYBERCOM tweeted Friday morning, “Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and anticipated to accelerate. If you haven’t already patched, please do it right away — this can’t wait till the weekend.”
Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and expected to accelerate. Please patch immediately if you haven’t already— this cannot wait until after the weekend.
— USCYBERCOM Cybersecurity Alert (@CNMF_CyberAlert) September 3, 2021
Atlassian released patches on August 25 to address a significant code execution vulnerability with a CVSS score of 9.8. The flaw, which the software maker describes as an OGNL injection issue that can be exploited by an authenticated attacker — and in some cases an unauthenticated attacker — to execute arbitrary code on affected systems, is fixed in versions 6.13.23, 7.4.11, 7.11.6, 7.12.5, and 7.13.0.
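As an added example, not from the article or from Atlassian: a small Python check that uses the fixed releases named above to decide whether an installed Confluence version still needs the CVE-2021-26084 patch. It assumes Atlassian's usual backport scheme, where each listed release fixes its own major.minor line and every later patch on that line, and lines that are not listed and predate 7.13.0 received no backport; the `is_patched`/`triage` names and the host inventory are constructed.

```python
# Added example (not the article's or Atlassian's code): decide whether an
# installed Confluence Server/Data Center version still needs the
# CVE-2021-26084 patch, based on the fixed releases named in the advisory.
# Assumption: each listed release fixes its own major.minor line (and every
# later patch on that line); any line that is not listed and is older than
# 7.13.0 did not receive a backport.
import re

FIXED_RELEASES = ("6.13.23", "7.4.11", "7.11.6", "7.12.5", "7.13.0")
FIRST_FIXED_LINE = (7, 13)  # from 7.13 onward every new line ships with the fix


def parse_version(text):
    """Turn '7.12.4' (optionally with a suffix such as '-beta1') into a tuple of ints."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


# major.minor line -> first release on that line carrying the fix
_FIXED_BY_LINE = {v[:2]: v for v in map(parse_version, FIXED_RELEASES)}


def is_patched(version_text):
    """True if this version already contains the CVE-2021-26084 fix."""
    v = parse_version(version_text)
    line = v[:2]
    if line in _FIXED_BY_LINE:           # maintained line with a backported fix
        return v >= _FIXED_BY_LINE[line]
    return line >= FIRST_FIXED_LINE      # newer lines are born fixed; older unlisted lines are not


def triage(inventory):
    """Map host -> 'fixed' / 'patch now' for a {host: version} inventory (constructed input)."""
    return {host: ("fixed" if is_patched(ver) else "patch now") for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"wiki-01": "7.4.10", "wiki-02": "7.12.5", "wiki-03": "7.9.0", "wiki-04": "7.13.1"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```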
Hackers began exploiting the vulnerability shortly after the patch was released, with researchers claiming that reproducing the exploit was easier than expected.
Researchers published a technical analysis of the vulnerability and proof-of-concept (PoC) exploit code after the initial in-the-wild exploitation attempts were discovered, which will likely lead to even more threat groups adding the Confluence vulnerability to their arsenal.
CISA advises users to read Atlassian Security Advisory 2021-08-25 and apply the updates as soon as possible.
Dave Aitel, a security industry veteran, argues that patching now may not be enough. “To tell you the truth, I believe this is awful counsel. People should take these systems offline and rebuild them from the ground up,” according to Aitel.
To be honest I think this is bad advice. People should be taking these systems completely offline and rebuilding them from scratch. https://t.co/dGwGXukKrd
— daveaitel (@daveaitel) September 3, 2021
Atlassian’s pre-holiday caution came after CISA and the FBI issued a joint alert earlier this week warning that ransomware attackers deliberately target holidays and weekends. Previous US holidays, such as the Fourth of July weekend in 2021, were marked by a spike in ransomware incidents, the two agencies said in that alert.