Outbreak AlertIBM Aspera Faspex Code Execution Vulnerability
File transfer software exploited in the wild
IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. Learn More »
Common Vulnerabilities and Exposures
Background
IBM Aspera Faspex is a centralized transfer solution that enables users to exchange files with each other using an email-like workflow. In the recent weeks, Enterprise file transfer solutions are being targeted by attackers. A vulnerability in another file transfer software, GoAnywhere managed file transfer (MFT) software was also seen being targeted by the attackers. To read the full outbreak report go to https://www.fortiguard.com/outbreak-alert/goanywhere-mft-rce
Threat Radar Overall Score:
 |
CVSS Rating | 9.0 |
 |
FortiRecon Score | 92/100 |
 |
Known Exploited | Yes |
 |
Exploit Prediction Score | 95.61% |
 |
FortiGuard Telemetry | 7554 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
January 18, 2023: IBM issued a patch https://www.ibm.com/docs/en/aspera-faspex/4.4?topic=notes-release-aspera-faspex-442
February 21, 2023: CISA added the bug, CVE-2022-47986 to its catalog of known exploited vulnerabilities.
FortiGuard Labs recommends users to update the vulnerable version of IBM Aspera Faspex and apply latest patch as released by the vendor as soon as possible.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
Vulnerability
-
IPS
-
Outbreak Detection
-
Threat Hunting
-
Assisted Response Services
-
Automated Response
-
InfoSec Services
-
Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
Indicators of compromise
IOC Indicator List
| Indicator | Type | Status |
|---|---|---|
| 159.65.217.216 | ip | Active |
| 159.65.217.216:8080 | ip | Active |
| http://159.65.217.216:8080/demo | url | Active |
| 7kstc545azxeahkduxmefgwqkrrhq3mzohkzqvrv7aekob7... | domain | Active |
| http://7kstc545azxeahkduxmefgwqkrrhq3mzohkzqvrv... | url | Active |
| b676c38d5c309b64ab98c2cd82044891134a9973 | file | Active |
| e9cc7fdfa3cf40ff9c3db0248a79f4817b170f2660aa2b2... | file | Active |
Indicators of compromise
IOC Threat Activity
Last 30 days
Chg
Avg 0
References
Sources of information in support and relation to this Outbreak and vendor.