Background
CVE-2021-35464 was disclosed on 23 June 2021 and affects ForgeRock OpenAM, an open-source access management product. The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has identified a number of Australian organisations that have been compromised through exploitation of this vulnerability.
CVE-2021-35464 is a pre-authentication remote code execution vulnerability: a malicious actor who can reach an affected OpenAM instance over the network can execute arbitrary code on it without valid credentials. The ASD’s ACSC has observed actors exploiting this vulnerability to compromise multiple hosts and to deploy additional malware and tools.
Additional information is available from ForgeRock security advisory #202104.
Mitigation
The ASD’s ACSC strongly recommends that Australian organisations urgently:
- Review their systems and networks for the presence of vulnerable instances of the OpenAM software; and
- Update to OpenAM version 7 or later, or apply the workaround described in ForgeRock Security Advisory #202104.
If you are unable to upgrade or apply the workaround to your OpenAM instance, the ASD’s ACSC recommends isolating it from the internet or shutting the server down until it can be remediated.
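As an added illustration of the first step above (reviewing systems for vulnerable and possibly exploited instances), the following Python script is an example written for this page and is not part of the ACSC or ForgeRock advisories. It scans web-server access logs for requests to the OpenAM `/ccversion/` path, which the public CVE-2021-35464 description names as the request path through which the unauthenticated deserialisation is triggered, and flags requests that carry the `jato.pageSession` parameter named in the same description. The log lines in `SAMPLE_LOG` are constructed for the example, the field layout assumes the Apache/Tomcat combined log format, and `Finding`, `classify_request`, `scan_access_log` and `unique_exploit_sources` are names chosen here.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Combined log format: ip ident user [timestamp] "METHOD target HTTP/x" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Path and parameter named in the public CVE-2021-35464 description.
VULN_PATH_FRAGMENT = "/ccversion/"
PAGE_SESSION_PARAM = "jato.pageSession"
# Base64 of the Java serialisation stream header (0xAC 0xED 0x00 0x05) begins with "rO0AB".
JAVA_SERIALISED_B64_PREFIX = "rO0AB"

# Constructed sample access-log lines for this example; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [24/Jun/2021:09:12:01 +1000] "GET /openam/json/serverinfo/* HTTP/1.1" 200 842 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Jun/2021:09:12:03 +1000] "POST /openam/ccversion/Version?jato.pageSession=rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcA HTTP/1.1" 200 0 "-" "curl/7.68.0"
198.51.100.23 - - [24/Jun/2021:09:15:44 +1000] "GET /openam/ccversion/Version HTTP/1.1" 200 1204 "-" "python-requests/2.25.1"
192.0.2.55 - - [24/Jun/2021:09:16:10 +1000] "GET /openam/UI/Login?realm=/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [24/Jun/2021:10:02:19 +1000] "GET /openam/ccversion/Version HTTP/1.1" 403 199 "-" "python-requests/2.25.1"
"""


@dataclass
class Finding:
    ip: str
    timestamp: str
    method: str
    target: str
    status: int
    severity: str   # "possible-exploit-attempt", "endpoint-reachable" or "endpoint-probed"
    reason: str


def classify_request(method, target, status):
    """Return (severity, reason) for one request, or None if it is not of interest."""
    parts = urlsplit(target)
    if VULN_PATH_FRAGMENT not in parts.path:
        return None
    values = parse_qs(parts.query).get(PAGE_SESSION_PARAM, [])
    if any(v.startswith(JAVA_SERIALISED_B64_PREFIX) for v in values):
        return ("possible-exploit-attempt",
                f"{PAGE_SESSION_PARAM} carries a base64 Java serialisation header")
    if values:
        return ("possible-exploit-attempt",
                f"{PAGE_SESSION_PARAM} supplied in the query string")
    if status < 400:
        # The endpoint answered, so the advisory's workaround (blocking it) is not in place.
        return ("endpoint-reachable", "ccversion endpoint answered; workaround not applied")
    # Refused request: still evidence that someone is probing for the endpoint.
    return ("endpoint-probed", f"request to ccversion endpoint refused with HTTP {status}")


def scan_access_log(text):
    """Parse combined-format log lines and return the findings in log order."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a real scanner would count these
        status = int(m.group("status"))
        verdict = classify_request(m.group("method"), m.group("target"), status)
        if verdict is None:
            continue
        severity, reason = verdict
        findings.append(Finding(m.group("ip"), m.group("ts"), m.group("method"),
                                m.group("target"), status, severity, reason))
    return findings


def unique_exploit_sources(findings):
    """Sorted list of client IPs behind possible exploit attempts, for blocking or triage."""
    return sorted({f.ip for f in findings if f.severity == "possible-exploit-attempt"})


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f.severity:25} {f.ip:15} {f.method} {f.target} -> {f.reason}")
    print("investigate:", unique_exploit_sources(SAMPLE_LOG and scan_access_log(SAMPLE_LOG)))
```

Access logs do not record POST bodies, and the parameter may be sent in the body rather than the query string, so the `jato.pageSession` check only catches the query-string variant; any request that reached `/ccversion/` on an unpatched instance should be investigated regardless of severity, and the presence of an `endpoint-reachable` finding after the workaround was meant to be applied indicates the block is not effective.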
Assistance
The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via 1300 CYBER1 (1300 292 371).