Vulnerability Management, Endpoint/Device Security

New exploit could compromise thousands of vulnerable Openfire servers

Attacks with a novel exploit could compromise over 3,000 of more than 6,300 internet-exposed Openfire cross-platform real-time collaboration servers, which continue to be vulnerable to a high-severity path traversal vulnerability that was patched in May, reports SecurityWeek. VulnCheck researchers said that intrusions leveraging the flaw, tracked as CVE-2023-32315, have already been launched over the past two months to enable new admin console user account creation and remote web shell plugin deployment in an effort to facilitate arbitrary command execution and data access. However, researchers observed that the new exploit path removes the need for administrative user account creation. Such an approach has allowed direct plugin uploads and web shell access that better conceal malicious activity, according to the report. "This vulnerability has already been exploited in the wild, likely even by a well-known botnet. With plenty of vulnerable internet-facing systems, we assume exploitation will continue into the future," said VulnCheck.
