02.15.22

Customer Advisory | Critical 0-Day Vulnerability in Adobe Commerce and Magento Open Source Platforms Under Active Exploitation

By Deepwatch, February 15, 2022
Prepared by Deepwatch Threat Intel Team

Key Points:

  • Adobe released updates on February 13 to address a critical security vulnerability, identified as CVE-2022-24086 with a CVSS score of 9.8, that affects its Commerce and Magento Open Source products.
  • The vulnerability is an “improper input validation” flaw that might be exploited to allow arbitrary code execution. Adobe is aware that threat actors have exploited the vulnerability in the Adobe Commerce platform in limited attacks.
  • Deepwatch Threat Intel Team assesses with moderate confidence that threat actors will exploit the vulnerability in Adobe Commerce and Magento Open Source platforms to infect eCommerce stores with credit card skimmers. Therefore, it is recommended that customers update their platform to the latest version, check their payment pages for unauthorized modifications that could indicate skimming activities, and review for possible webshells placed as backdoors.

Overview:

Adobe released updates on February 13 to address a critical security vulnerability, tracked as CVE-2022-24086 with a CVSS score of 9.8, that affects its Commerce and Magento Open Source products. Adobe is aware that threat actors have exploited the vulnerability in the Adobe Commerce platform in limited attacks. 

The vulnerability is an “improper input validation” flaw that might be exploited to allow arbitrary code execution. In addition, threat actors do not need to be authenticated to exploit the vulnerability.

What Products are Affected?

Adobe Commerce:

  • 2.4.3-p1 and earlier versions
  • 2.3.7-p2 and earlier versions

Magento Open Source:

  • 2.4.3-p1 and earlier versions
  • 2.3.7-p2 and earlier versions

What Do I Need to Do?

For customers running Adobe Commerce, it is recommended to update to version MDVA-43395_EE_2.4.3-p1_v1.

For customers running Magento Open Source, it is recommended to update to version MDVA-43395_EE_2.4.3-p1_v1.

Deepwatch Threat Intelligence Outlook

Deepwatch Threat Intel Team assesses with moderate confidence that threat actors will exploit the vulnerability in Adobe Commerce and Magento Open Source platforms to infect eCommerce stores with credit card skimmers. This assessment is partly based on the discoveries of Sansec, an eCommerce malware and vulnerability detection company, that revealed on February 8 that a Magecart campaign infected 500 Magento-based stores with a credit card skimmer meant to steal sensitive payment information. All infected stores had the credit card skimmer loaded from the same domain, naturalfreshmall[.]com. Additionally, Sansec learned that the threat actors used a mixture of SQL injection (SQLi) and PHP Object Injection (POI) attacks to gain control of the Magento stores. Therefore, it is recommended that customers update their platform to the latest version, check their payment pages for unauthorized modifications that could indicate skimming activities, and review for possible webshells placed as backdoors.
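
One way to run the payment-page check recommended above, as an added example (not Deepwatch's or Adobe's code): it inventories the `<script>` tags of a saved page and flags the skimmer domain named in this advisory, script hosts outside an allowlist, and inline scripts missing from a baseline of approved hashes. The allowlist, the baseline, the function names and every sample host other than the advisory's domain are assumptions.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Domain named in the advisory, kept defanged in source and refanged for matching.
BAD = "naturalfreshmall[.]com".replace("[.]", ".")

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources, self.inline, self._buf = [], [], None
    def handle_starttag(self, tag, attrs):
        src = (dict(attrs).get("src") or "").strip()
        if tag == "script" and src:
            self.sources.append(src)   # external script URL
        elif tag == "script":
            self._buf = []             # inline script: capture its body
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.inline.append("".join(self._buf).strip())
            self._buf = None

def digest(body):
    return hashlib.sha256(body.encode()).hexdigest()

def in_domains(host, domains):
    return any(host == d or host.endswith("." + d) for d in domains)

def audit_page(html, page_host, allowed_hosts, inline_baseline):
    p = ScriptCollector()
    p.feed(html)
    findings = []  # (kind, detail) tuples for scripts outside the approved inventory
    for src in p.sources:
        host = (urlsplit(src).hostname or page_host).rstrip(".")  # relative URL: same origin
        if in_domains(host, {BAD}):
            findings.append(("known-skimmer-domain", src))
        elif host != page_host and not in_domains(host, allowed_hosts):
            findings.append(("unexpected-script-host", src))
    return findings + [("unapproved-inline-script", digest(b)[:12])
                       for b in p.inline if digest(b) not in inline_baseline]

# Constructed sample page: every host and path except the advisory's domain is made up.
SAMPLE = f"""<script src="/static/checkout.js"></script>
<script src="https://js.payments.example/sdk.js"></script>
<script src="//{BAD}/placeholder.js"></script>
<script src="https://cdn.unlisted.example/a.js"></script>
<script>window.checkoutConfig = 1;</script>
<script>var unreviewed = true;</script>"""
```

Build the baseline from a known-good copy of the checkout template and re-run the audit against the live page after patching; any new finding is a modification to investigate.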
