Strutting your stuff – Unauthenticated Remote Code Execution
Summary
This article discusses a vulnerability in Apache Struts (CVE-2017-5638) that allows unauthenticated remote code execution. The author highlights that this is a significant flaw for attackers and links to working exploit code in the Metasploit framework.
IFF Assessment
The discovery and public availability of an exploit for an unauthenticated remote code execution vulnerability present a significant risk to systems, making this bad news for defenders.
Severity
This score reflects a critical vulnerability (CVE-2017-5638) allowing unauthenticated remote code execution. The high score is due to the ease of exploitation (network attack vector, no privileges required) and the severe impact (complete system compromise).
CISA KEV: Listed as actively exploited. Federal patch due: May 03, 2022. Known ransomware use: Known.
Defender Context
Defenders need to prioritize patching Apache Struts instances, as this vulnerability (CVE-2017-5638) allows for unauthenticated remote code execution. The availability of exploit code in Metasploit means attackers can easily leverage this flaw to gain control of vulnerable systems. Continuous monitoring for indicators of compromise related to Apache Struts exploitation is crucial.