Magento’s critical zero-day vulnerability being actively exploited

Adobe released fixes on Sunday to address a significant security flaw in its Commerce and Magento Open Source products, which it claims is being actively abused in the wild. Sansec detected a security compromise at more than 500 online retailers using the Magento 1 platform at the end of January. They also said that attackers set up a skimmer on the naturalfreshmall[.]com domain, which was loaded by all of the servers.

One of the most critical aspects of the Adobe vulnerability is that no authentication is required to carry out successful exploitation. Because of incorrect input validation, the flaw enables pre-authentication RCE. On the CVSS vulnerability severity scale, the vulnerability is rated 9.8 out of 10. However, in order to successfully exploit the weakness, an attacker would need to get administrative access to the target’s machine. On both eCommerce systems, the problem affects versions 2.3.7-p2 and earlier.

In a February 13, 2022 alert, Adobe stated, “Adobe is aware that CVE-2022-24086 has been exploited in the wild in extremely limited attacks targeting Adobe Commerce merchants.” 

In January 2022, 165 distinct command-and-control servers and skimmer injected URLs used by known Magecart threat actors were found, according to a new analysis issued this month by Microsoft’s RiskIQ, some of which include compromised, legal sites.