IBM Aspera Faspex Vulnerability Exploited in Attacks

February 15, 2023

Organizations using IBM’s Aspera Faspex file transfer solution have been warned that a recently patched vulnerability, tracked as CVE-2022-47986, is being exploited in the wild. The security hole, classified as ‘high severity’, is a YAML deserialization flaw that can be exploited by a remote attacker for arbitrary code execution using specially crafted API calls. The issue was discovered by researchers at attack surface management firm Assetnote and reported to IBM in October 2022. Soon after, exploit code was made available and exploitation attempts were observed by threat hunters and the Shadowserver Foundation. A Shodan search shows more than 100 internet-exposed Aspera Faspex servers, mostly located in the United States and the United Kingdom. This is not the only enterprise file transfer solution targeted in attacks in recent weeks, as a vulnerability in the GoAnywhere managed file transfer (MFT) software has also been exploited. It is unclear how many of the attacks are malicious and what the threat actors are doing on compromised systems.

Latest News

• Arris Routers Vulnerable to Remote Code Execution
• Fortinet Releases Security Updates for FortiNAC and FortiWeb
• SolarWinds Patches High-Severity Vulnerabilities
• ProxyShellMiner Exploits Microsoft Exchange Vulnerabilities
• CISA Adds Four Security Vulnerabilities to Known Exploited List