overview

CVE-2024-21672 is a high-severity Remote Code Execution (RCE) vulnerability affecting Atlassian Confluence Data Center and Server. It allows an attacker to execute arbitrary code on vulnerable systems without proper authorization. 

The impacted software is Confluence Data Center and Server: Versions 7.19.0 to 7.19.17, 8.5.0 to 8.5.4, and 8.7.0 to 8.7.1.  
 
Atlassian has released patches for the impacted software. At the time of this writing, there are no indications that CVE-2024-21672 has been exploited in the wild, but it is recommended to patch your software as soon as possible.  
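
As an added example (this is not code from the advisory, from Avertium or from Atlassian), the following Python encodes the three affected ranges listed above and checks a single version string, or a small host inventory, against them. It assumes plain dotted version strings; it deliberately says nothing about fixed versions, because the advisory lists only the affected ranges.

```python
# Added example (not part of the Avertium advisory): decide whether a Confluence
# Data Center / Server version string falls inside one of the affected ranges
# the advisory lists for CVE-2024-21672, and triage a host inventory with it.
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as stated in the advisory, inclusive at both ends.
# A version outside every range is merely "not listed" by the advisory; this
# table says nothing about which later releases contain Atlassian's fix.
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((7, 19, 0), (7, 19, 17)),
    ((8, 5, 0), (8, 5, 4)),
    ((8, 7, 0), (8, 7, 1)),
]


def parse_version(text: str) -> Version:
    """Turn '8.5.4' (or 'v8.5.4', or '8.5') into a 3-tuple of ints.

    The advisory expresses its ranges with three components, so only the first
    three are compared; a missing component counts as 0 and any extra component
    (for example a build suffix such as '8.5.4.1') is ignored for range purposes.
    """
    parts = text.strip().lstrip("vV").split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted version: {text!r}")
    nums = [int(p) for p in parts[:3]]
    nums += [0] * (3 - len(nums))
    return (nums[0], nums[1], nums[2])


def is_affected(text: str) -> bool:
    """True if the version lies inside any advisory-listed affected range."""
    v = parse_version(text)
    # Tuple comparison is element-wise, which is exactly dotted-version ordering.
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket a {host: version} inventory by exposure to the listed ranges."""
    buckets: Dict[str, List[str]] = {"affected": [], "not_listed": [], "unparseable": []}
    for host, version in sorted(inventory.items()):
        try:
            key = "affected" if is_affected(version) else "not_listed"
        except ValueError:
            key = "unparseable"
        buckets[key].append(host)
    return buckets


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"wiki-1": "8.5.3", "wiki-2": "8.8.0", "wiki-3": "n/a", "wiki-4": "7.19.17"}
    for bucket, hosts in triage(sample).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts landing in the "unparseable" bucket (empty strings, "n/a", build labels) deserve a manual look rather than being treated as safe; an inventory gap is not the same as an unaffected version.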

how avertium is protecting our customers

IOCs ADDED TO OUR THREAT FEEDS

At this time, there are no known IoCs associated with successful exploitation of CVE-2024-21672. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

TTPs TO MONITOR

  1. Initial Access
  • T1190 - Exploit Public-Facing Application:
    • The attacker exploits the Confluence application, which is publicly accessible, to gain an initial foothold.
  2. Execution
  • T1059 - Command and Scripting Interpreter:
    • Use of command-line interpreters like Bash, PowerShell, or Python to execute arbitrary commands or scripts on the compromised system.
  • T1203 - Exploitation for Client Execution:
    • Exploiting a vulnerability to execute payloads directly on the targeted system.
  3. Persistence
  • T1546 - Event Triggered Execution:
    • Creating cron jobs, scheduled tasks, or manipulating startup scripts to maintain persistence.
  • T1574 - Hijack Execution Flow:
    • Modifying configuration files or libraries in Confluence to ensure the attacker's code is executed.
  4. Privilege Escalation
  • T1068 - Exploitation for Privilege Escalation:
    • Leveraging the vulnerability to escalate privileges from a low-privilege user to an administrative or system-level user.
  5. Exfiltration
  • T1041 - Exfiltration Over C2 Channel:
    • Transmitting stolen data over established Command-and-Control channels.
  • T1020 - Automated Exfiltration:
    • Automatically extracting large volumes of sensitive data.
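
The advisory lists no IoCs, so monitoring for this CVE comes down to the behavioural pattern above: the Confluence service account spawning a command interpreter (T1190 leading to T1059) or reaching for scheduler tooling (T1546). As an added example that is not code from the advisory or from Avertium, the Python below evaluates process-start events against those two patterns. The event field names, the "confluence" service account, the allowlist and the sample events are all assumptions constructed for this example; map them onto your own EDR or auditd schema before use.

```python
# Added example (not from the Avertium advisory): evaluate process-start events
# against the TTPs listed above. The event field names, the "confluence" service
# account and the sample events are assumptions constructed for this example;
# map them onto your own EDR or auditd schema before use.
from typing import Dict, List

# Account the Confluence JVM is assumed to run under (assumption).
SERVICE_USERS = {"confluence"}
# Command interpreters whose appearance as a child of the JVM should alert (T1059).
INTERPRETERS = {"sh", "bash", "dash", "zsh", "python", "python3", "perl",
                "pwsh", "powershell", "powershell.exe", "cmd.exe"}
# Scheduler tooling a web-app service account has no business driving (T1546).
SCHEDULERS = {"crontab", "at", "systemctl", "schtasks.exe"}
# Children the service is known to spawn legitimately; build this from a baseline
# of your own hosts rather than trusting this placeholder.
ALLOWLIST = {"java"}


def basename(image: str) -> str:
    """Last path component, lower-cased, for both '/' and '\\' separators."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def evaluate(event: Dict[str, str]) -> List[str]:
    """Return the MITRE ATT&CK technique IDs the event matches ([] means benign)."""
    if event["user"] not in SERVICE_USERS:
        return []  # only the service account's process tree is in scope here
    child = basename(event["image"])
    parent = basename(event["parent_image"])
    if child in ALLOWLIST:
        return []
    hits: List[str] = []
    # A public-facing JVM spawning an interpreter is the shape of post-exploitation
    # command execution described under T1190 -> T1059.
    if parent == "java" and child in INTERPRETERS:
        hits += ["T1190", "T1059"]
    # The same account reaching for cron/at/systemd/schtasks points at persistence.
    if child in SCHEDULERS:
        hits.append("T1546")
    return hits


def scan(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run every event through evaluate() and keep only the ones that matched."""
    alerts: List[Dict[str, object]] = []
    for e in events:
        techniques = evaluate(e)
        if techniques:
            alerts.append({"ts": e["ts"], "host": e["host"], "user": e["user"],
                           "cmdline": e["cmdline"], "techniques": techniques})
    return alerts


# Constructed sample telemetry (not real events, not IoCs from the advisory).
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ts": "2024-01-17T02:14:05Z", "host": "wiki-1", "user": "confluence",
     "parent_image": "/usr/lib/systemd/systemd", "image": "/opt/java/bin/java",
     "cmdline": "java -Dconfluence.home=<placeholder> ..."},        # normal service start
    {"ts": "2024-01-17T02:31:48Z", "host": "wiki-1", "user": "confluence",
     "parent_image": "/opt/java/bin/java", "image": "/bin/sh",
     "cmdline": "sh -c id"},                                        # interpreter under the JVM
    {"ts": "2024-01-17T02:31:50Z", "host": "wiki-1", "user": "confluence",
     "parent_image": "/bin/sh", "image": "/usr/bin/crontab",
     "cmdline": "crontab -l"},                                      # service account touching cron
    {"ts": "2024-01-17T08:02:11Z", "host": "wiki-1", "user": "admin",
     "parent_image": "/usr/sbin/sshd", "image": "/bin/bash",
     "cmdline": "-bash"},                                           # interactive admin login
]

if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(a["ts"], a["host"], a["user"], ",".join(a["techniques"]), a["cmdline"])
```

These rules catch the general "web application spawns a shell" pattern rather than anything specific to CVE-2024-21672, which is the point: they stay useful for the next Confluence RCE too. Baseline the service account's legitimate children (plugins and integrations sometimes spawn helpers) before turning the alerts into pages, and treat an interpreter under the JVM as high priority even on a patched host, since it indicates the application is being driven in a way it should not be.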

additional recommendations + information

  • Patch Systems: Apply Atlassian's security updates. 
  • Restrict Access: Limit access to public-facing applications like Confluence.

ADDITIONAL SERVICE OFFERINGS

  • Fusion MXDR is the first MDR offering that fuses together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity, one that is greater than the sum of its parts.
  • Security Information and Event Management (SIEM) - Minimizing the impact of a successful ransomware or malware attack requires detecting it as early in the attack as possible. A Security Information and Event Management (SIEM) system can help an organization to accomplish this. Avertium offers a comprehensive SIEM-based approach that increases the potential for detecting a ransomware infection before it deploys. SIEM provides a holistic overview of a company’s IT environment from a single point of view in terms of its specific security events, empowering teams to detect and analyze unusual behavior. 
  • Avertium aligns your Cybersecurity Strategy with your business strategy, ensuring that your investment in security is also an investment in your business. Our Cybersecurity Strategy service includes:  
    • Strategic Security Assessments - Strengthening your security posture begins with knowing where your current program stands (NIST CSF, Security Architecture, Business Impact Analysis, Sensitive Data Inventory, Network Virtualization and Cloud Assessment). 
    • Threat Mapping - Leverage Avertium's Cyber Threat Intelligence, getting a more informed view of your most likely attack scenarios (Threat Assessment and MITRE ATT&CK).
    • Cyber Maturity Roadmap - Embrace a comprehensive, quantifiable, and well-organized approach to establishing and continuously enhancing your cybersecurity resilience (Policy + Procedure Development, Virtual CISO (VCISO), Training + Enablement, Tabletop Exercises, and Business Continuity + Disaster Recovery Plan).

SUPPORTING DOCUMENTATION

  • Vulnerability Details: CVE-2024-21672
  • CVE-2024-21672 Detail
  • Security Bulletin - January 16 2024
  • RCE (Remote Code Execution) in Confluence Data Center and Server
  • Confluence Release Notes
  • Confluence Data Center download archives
