Openfire Admin Console Vulnerability Affects All Versions Since 2015
CVE-2023-32315

7.5HIGH

Key Information:

Vendor

Igniterealtime

Status
Openfire
Vendor
CVE Published:
26 May 2023

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 94%πŸ¦… CISA ReportedπŸ“° News Worthy

What is CVE-2023-32315?

The vulnerability CVE-2023-32315 affects all versions of the XMPP server Openfire released since April 2015. It allows an unauthenticated user to access restricted pages in the Openfire Admin Console reserved for administrative users. More than 3,000 servers have been found to be vulnerable, and the vulnerability has been exploited in the wild for over two months. Researchers discovered a potential exploitation method, which allows attackers to gain access to the Openfire Plugins interface and create new admin console user accounts to install a new plugin. The vulnerability poses a significant risk as it could lead to unauthorized access and control over affected systems. Upgrading to the latest available versions, such as 4.6.8, 4.7.5, and 4.8.0, is advised to mitigate the risk.

CISA has reported CVE-2023-32315

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-32315 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Openfire >= 3.10.0, < 4.6.8 < 3.10.0, 4.6.8

Openfire >= 4.7.0, < 4.7.5 < 4.7.0, 4.7.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-32315-Openfire-Bypass
Created by tangxiaofeng7

CVE-2023-32315
Created by miko550

CVE-2023-32315
Created by ThatNotEasy

News Articles

favicon imageSecurity Affairs

+3,000 Openfire servers exposed to attacks using a new exploit

Researchers warn that more than 3,000 unpatched Openfire servers are exposed to attacks using an exploit for a recent flaw.

favicon imageThe Hacker News

Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw

Thousands of Openfire XMPP servers remain unpatched against a high-severity flaw, CVE-2023-32315, exposing them to exploits.

References

https://github.com/igniterealtime/Openfire/security/advis...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/173607/Openfire-Auth...

EPSS Score

94% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by The Hacker News

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

JSON
.