MCP Insights

Cybersecurity Threat Advisory: Apache Struts Framework Vulnerability

Posted on December 15, 2023 by Jason Franks

As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.

This week, a new critical alert requires the mission-critical community’s immediate attention.

Advisory Overview

MCP is actively monitoring a critical remote code execution (RCE) vulnerability in the Apache Struts framework, which is used to create enterprise-ready Java web applications. This vulnerability was flagged by the National Institute of Standards and Technology (NIST) Information Technology Laboratory and carries a Common Vulnerabilities and Exposures Program identifier of CVE-2023-50164.

The vulnerability should be patched immediately because public exploits are available, and active exploitation attempts have been seen in the wild. For instance, sensors employed by the Shadowserver Foundation — which gathers and analyzes data regarding malicious internet activity — have flagged attempted cyberattacks that exploit this vulnerability. The patch can be found here.

Threat Indicators

The path-traversal flaw affects Apache Struts versions before 6.3.0.2 and 2.5.33, and allows RCE. It may enable cyberattackers to upload malicious files, potentially leading to data theft, service disruption, or network lateral movement.

Why Is it Noteworthy?

This vulnerability is significant due to Apache Struts' widespread usage, including within some Cisco networking devices. Cisco is actively investigating the impact on its products.

What Are the Recommendations?

MCP recommends the following actions to limit the impact of potential cyberattacks:

  • Follow the steps outlined in Apache’s notice. 
  • Update to Apache Struts version 6.3.0.2 or 2.5.33, and later. 
  • Ensure that devices running Apache Struts are not accessible to the web, unless secure and necessary. 
  • Monitor the Cisco advisory to see what Cisco products may be infected.

Topics: Cybersecurity

    Subscribe to Newsletter

    Icon

    Let's Talk

    How can we support your mission? From design and procurement to building and management, our national team of experts is here to help…because the mission matters.

    Get In Touch

    Mission Critical Partners

    A: 690 Grays Woods Blvd., Port Matilda, PA 16870
    P: 888.862.7911

    twitter-x-footer facebook_icon linkedin_icon

    Newsletter

    Click the button below to sign up for our newsletter.

    SIGN UP
    Navigation

    ©2024 All Rights Reserved

    NENA 911   APCO International   iCERT

    Privacy Policy  |  Terms & Conditions