Critical RCE Flaw in ForgeRock Access Manager Exploited in the Wild

The Australian and US governments have issued warnings about an actively exploited vulnerability in OpenAM, which could allow attackers to execute arbitrary code remotely. OpenAM is ForgeRock’s open-source access management, entitlements, and federation solution used by enterprises.

The Australian Cyber Security Centre said that it has spotted attackers exploiting a major vulnerability in ForgeRock’s platform that enables attackers to compromise multiple hosts and deploy additional malware.

ACSC didn’t disclose the identities of the threat actors nor the nature of the attacks.

This issue, tracked as CVE-2021-35464, is a pre-authentication remote code execution vulnerability in ForgeRock Access Manager. It is caused by an unsafe Java deserialization configuration in the Jato framework used by the platform.

Successful exploitation of the flaw could allow an attacker to execute arbitrary commands in the context of a current user, not as the root user, the San Francisco-headquartered company noted.

An attacker can use this code execution to extract sensitive information, such as credentials and certificates, from a vulnerable host. They can also gain a foothold by deploying a shell with Cobalt Strike or a similar tool.

The issue affects versions 6.0.0.x and all versions of 6.5 up to and including 6.5.3, and it has been addressed in version 7. ForgeRock advises customers to apply the patches quickly.

The ACSC strongly recommends that Australian organizations urgently:

“Review their systems and networks for the presence of vulnerable instances of the OpenAM software; and Update to OpenAM version 7 or apply the workaround as identified by the ForgeRock Security Advisory #202104.”
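The review step above starts with knowing which deployed versions fall inside the affected ranges. The following inventory check is an added example, not code from the article, ACSC, or ForgeRock: it classifies dotted version strings against the ranges stated above (6.0.0.x and 6.5.0 through 6.5.3 affected, 7 and later fixed) and flags anything outside those ranges, or anything it cannot parse, for manual review rather than guessing. The host names and version strings in the sample inventory are constructed placeholders.

```python
"""Classify OpenAM / ForgeRock Access Manager versions against the
CVE-2021-35464 affected ranges as stated in the advisory summary.

Added example for inventory review; not the vendor's or ACSC's tooling.
Affected: 6.0.0.x and 6.5.0 through 6.5.3. Fixed: version 7.
Anything else is reported as 'review' so it is not silently treated as safe.
"""
from collections import Counter


def parse_version(text):
    """Parse a dotted numeric version such as '6.5.2' into a tuple of ints.

    Returns None when the string is empty or contains non-numeric parts.
    """
    parts = text.strip().split(".")
    if not parts or parts == [""]:
        return None
    try:
        return tuple(int(p) for p in parts)
    except ValueError:
        return None


def classify(version_text):
    """Return one of 'affected', 'fixed', 'review' or 'unparseable'."""
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    major = v[0]
    minor = v[1] if len(v) > 1 else 0
    patch = v[2] if len(v) > 2 else 0

    if major >= 7:
        return "fixed"            # advisory states the fix shipped in version 7
    if major == 6 and minor == 0 and patch == 0:
        return "affected"         # 6.0.0.x
    if major == 6 and minor == 5 and patch <= 3:
        return "affected"         # 6.5.0 through 6.5.3 inclusive
    # 6.0.1+, 6.5.4+, pre-6 and anything else are not covered by the
    # ranges on the page, so leave them for a human to check.
    return "review"


def triage(inventory):
    """Map each host to its classification and return (per_host, counts).

    inventory: list of (hostname, version_string) pairs.
    """
    per_host = {host: classify(ver) for host, ver in inventory}
    counts = Counter(per_host.values())
    return per_host, dict(counts)


# Constructed sample inventory (placeholder host names and versions).
SAMPLE_INVENTORY = [
    ("sso-prod-01.example", "6.5.3"),
    ("sso-prod-02.example", "6.0.0.2"),
    ("sso-stage-01.example", "7.0.0"),
    ("sso-legacy.example", "6.5.4"),
    ("sso-unknown.example", "n/a"),
]


if __name__ == "__main__":
    hosts, summary = triage(SAMPLE_INVENTORY)
    for host, status in sorted(hosts.items()):
        print(f"{host:24} {status}")
    print("summary:", summary)
```

Run it against an export of your real asset inventory; the point of the `review` bucket is that any version the advisory ranges do not explicitly cover still gets a human decision rather than being dropped from the list.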

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.