CVE-2020-10145

7.8 HIGH

📋 TL;DR

The default installation directory created by the Adobe ColdFusion installer on Windows carries permissive ACLs, so unprivileged local users can create files inside it. Because the ColdFusion service loads code and configuration from that directory, an attacker who can write there can plant files that run with the service's privileges, i.e. local privilege escalation. Organizations running ColdFusion on Windows in its default installation path are affected.

💻 Affected Systems

Products:
  • Adobe ColdFusion
Versions: ColdFusion 2021 and earlier (see the vendor advisory for the exact update levels)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only Windows installations are affected. The problem is the permission set on the default installation directory, not a ColdFusion configuration setting: a directory created directly under the system drive root (for example C:\ColdFusion2021) inherits an ACE from the root that grants Authenticated Users Modify on the subfolders and files beneath it unless the installer overrides it.

📦 What is this software?

Coldfusion by Adobe

Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise where attackers gain administrative privileges, install persistent backdoors, and access sensitive data across the system.

🟠

Likely Case

Local privilege escalation allowing attackers to execute arbitrary code with elevated privileges, potentially leading to lateral movement within the network.

🟢

If Mitigated

Minimal impact if proper ACLs are set and least-privilege principles are followed, limiting file creation to authorized users only.

🌐 Internet-Facing: MEDIUM - This is a local vulnerability, but it becomes relevant on an internet-facing host as soon as an attacker has code execution as a low-privileged user, for example through a flaw in a web application served by the same machine.
🏢 Internal Only: HIGH - Any low-privileged account on the ColdFusion host (local user, RDP user, compromised service account) can use it to escalate privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access: the attacker needs an existing low-privileged account, or code execution as one, on the ColdFusion host so that they can create files in the vulnerable directory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: the ColdFusion update listed in the vendor advisory for your ColdFusion release

Vendor Advisory: https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html

Restart Required: Yes

Instructions:

1. Apply the ColdFusion security update listed in the vendor advisory for your release.
2. Restart the ColdFusion service.
3. Re-check the ACLs on the installation directory with icacls. Do not assume the update rewrote the permissions of an existing install directory; verify them.

🔧 Temporary Workarounds

Set Secure ACLs on ColdFusion Directory

Manually reset the access control list on the ColdFusion installation directory so that only Administrators, SYSTEM and the account the ColdFusion service runs as can create or modify files there. Back up the current ACLs first (icacls "C:\ColdFusion2021" /save cf-acl.txt /T /C), and add the service account with read/execute rights if the service does not run as SYSTEM. Do not put a trailing backslash before the closing quote: icacls reads \" as an escaped quote and the path is mangled.

icacls "C:\ColdFusion2021" /inheritance:r /grant:r "Administrators:(OI)(CI)F" "SYSTEM:(OI)(CI)F" "CREATOR OWNER:(OI)(CI)F"
icacls "C:\ColdFusion2021\*" /reset /T /C /Q

The first command removes the ACEs inherited from the drive root (which by default grants Authenticated Users Modify on subfolders and files created beneath it) and replaces them with an explicit minimal set; the second makes every file and subfolder inherit that set instead of keeping its own explicit entries. Use the actual install directory for your release (C:\ColdFusion2018, and so on).
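The same hardening as a reviewable, re-runnable PowerShell script, added here as an example; it is not Adobe's code nor a script from the advisory. The install root, the service log-on account and the list of subdirectories the service must still write to are assumptions: ColdFusion writes its neo-*.xml configuration and compiled pages under the install tree, so a dedicated (non-SYSTEM) service account needs Modify on more than the logs directory, and the real list has to come from your deployment.

```powershell
#Requires -RunAsAdministrator
# Added example (not Adobe's code): lock down the ColdFusion install tree so that only
# Administrators, SYSTEM and the ColdFusion service account can create or modify files.
# All three defaults below are assumptions, not values from the advisory.
param(
    [string]   $CfRoot          = 'C:\ColdFusion2021',    # assumed default install root
    [string]   $ServiceAccount  = 'NT AUTHORITY\SYSTEM',  # assumed: set the service's log-on account if changed
    [string[]] $WritableSubdirs = @('cfusion\logs')       # assumed and incomplete: dirs the service must write to
)
$ErrorActionPreference = 'Stop'

function New-Ace {
    param([string]$Identity, [string]$Rights)
    # (OI)(CI): the ACE is inherited by files and subfolders.
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

function Protect-CfRoot {
    param([string]$Path, [string]$SvcAccount)
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the drive root. The inherited "Authenticated Users: Modify"
    # ACE is what lets an unprivileged user drop files into the install directory.
    $acl.SetAccessRuleProtection($true, $false)      # protect the DACL, do not copy inherited ACEs
    foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($ace)             # drop any leftover explicit ACEs
    }
    $acl.AddAccessRule((New-Ace 'BUILTIN\Administrators' 'FullControl'))
    $acl.AddAccessRule((New-Ace 'NT AUTHORITY\SYSTEM'     'FullControl'))
    if ($SvcAccount -ne 'NT AUTHORITY\SYSTEM') {
        # A dedicated service account only needs to read and execute the installed code here.
        $acl.AddAccessRule((New-Ace $SvcAccount 'ReadAndExecute'))
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Grant-ServiceWrite {
    param([string]$Path, [string]$SvcAccount)
    $acl = Get-Acl -LiteralPath $Path
    $acl.AddAccessRule((New-Ace $SvcAccount 'Modify'))
    Set-Acl -LiteralPath $Path -AclObject $acl
}

# 1. Keep a copy of the current DACLs so the change can be reverted with "icacls ... /restore".
$backup = Join-Path $env:TEMP ('cf-acl-backup-{0:yyyyMMdd-HHmmss}.txt' -f (Get-Date))
icacls "$CfRoot" /save "$backup" /T /C /Q | Out-Null
Write-Host "ACL backup written to $backup"

# 2. Rebuild the root DACL, then make every child inherit from it instead of
#    carrying its own (possibly still permissive) explicit ACEs.
Protect-CfRoot -Path $CfRoot -SvcAccount $ServiceAccount
icacls "$CfRoot\*" /reset /T /C /Q | Out-Null

# 3. Re-grant write access only where the service genuinely needs it.
if ($ServiceAccount -ne 'NT AUTHORITY\SYSTEM') {
    foreach ($sub in $WritableSubdirs) {
        Grant-ServiceWrite -Path (Join-Path $CfRoot $sub) -SvcAccount $ServiceAccount
    }
}

# 4. Show the result: only Administrators, SYSTEM and the service account should appear.
icacls "$CfRoot"
```

Run it from an elevated PowerShell, then start the ColdFusion service and exercise the application: if the service runs as a dedicated account and anything fails to start or save configuration, the missing directory belongs in the WritableSubdirs list, not back in a broad Users grant.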

🧯 If You Can't Patch

  • Implement strict user privilege management and ensure no unprivileged users have access to ColdFusion servers
  • Monitor file creation events in ColdFusion installation directories using file integrity monitoring tools

🔍 How to Verify

Check if Vulnerable:

From an unprivileged account, list the ACL on the install directory (no trailing backslash inside the quotes; icacls treats \" as an escaped quote):

icacls "C:\ColdFusion2021"

The install is exposed if Everyone, BUILTIN\Users or NT AUTHORITY\Authenticated Users appear with (M), (W), (F), (WD) or (AD) rights, typically as an inherited (I) entry from the drive root. The direct test is to try to create a file there from a non-administrative command prompt, for example echo test > C:\ColdFusion2021\probe.txt; if that succeeds, the directory is writable by unprivileged users.
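The two checks above, done programmatically over the whole install tree, as an added example (not from Adobe or the original page). The install path is an assumption; the list of broad principals and the write-type rights are the standard Windows ones. The ACL scan works from any account; the behavioural probe is only meaningful when run from a non-administrative shell.

```powershell
# Added example: audit a ColdFusion install tree for ACEs that let low-privileged
# principals create or modify files, then probe it from the current account.
# $CfRoot is an assumed install path.
param([string]$CfRoot = 'C:\ColdFusion2021')
$ErrorActionPreference = 'Stop'

# Principals every local user is a member of (well-known names, not deployment-specific).
$BroadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Specific rights that allow adding to a directory or changing what is in it.
$WriteRights = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Generic rights that show up on inherit-only ACEs: GENERIC_WRITE | GENERIC_ALL.
$GenericWriteBits = 0x40000000 -bor 0x10000000

function Test-WriteAce {
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    $raw = [int]$Ace.FileSystemRights
    return (($raw -band [int]$WriteRights) -ne 0) -or (($raw -band $GenericWriteBits) -ne 0)
}

function Get-WeakCfAces {
    # Returns one record per Allow ACE that gives a broad principal some write capability.
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (-not (Test-WriteAce $ace)) { continue }
        [pscustomobject]@{
            Path      = $Path
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited   # True means the ACE came down from the drive root
        }
    }
}

function Test-CanCreateFile {
    # Behavioural check: returns $true if the current account can create a file in $Path.
    param([string]$Path)
    $probe = Join-Path $Path ('cve-2020-10145-probe-{0}.tmp' -f [guid]::NewGuid())
    try {
        [System.IO.File]::WriteAllText($probe, '')
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch [System.UnauthorizedAccessException] {
        return $false
    }
}

$dirs = @(Get-Item -LiteralPath $CfRoot) +
        @(Get-ChildItem -LiteralPath $CfRoot -Directory -Recurse -ErrorAction SilentlyContinue)
$weak = foreach ($d in $dirs) { Get-WeakCfAces -Path $d.FullName }

if ($weak) {
    Write-Host 'Permissive ACEs found (vulnerable configuration):' -ForegroundColor Yellow
    $weak | Format-Table -AutoSize
} else {
    Write-Host "No broad write ACEs under $CfRoot."
}
Write-Host ("Current account can create files in {0}: {1}" -f $CfRoot, (Test-CanCreateFile -Path $CfRoot))
```

A clean result is an empty ACE table and "False" from the probe when run as a non-admin; an inherited Authenticated Users entry with Modify is the vulnerable default described above.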

Check Version:

Check the ColdFusion version and update level in the ColdFusion Administrator (System Information page) or in the manifest of cfusion\lib\coldfusion.jar, and compare it with the update level named in the vendor advisory.

Verify Fix Applied:

icacls on the installation directory should list only Administrators, SYSTEM (and the ColdFusion service account, if one is used) with write rights, and no inherited (I) entries for Users or Authenticated Users. Confirm from a non-administrative account that creating a file in the directory is denied.

📡 Detection & Monitoring

Log Indicators:

  • File creation events in ColdFusion directories by non-administrative users
  • Unusual process execution from ColdFusion directories

Network Indicators:

  • Unusual outbound connections from ColdFusion servers
  • Lateral movement attempts from ColdFusion hosts

SIEM Query:

EventID=4663 AND ObjectName LIKE 'C:\ColdFusion%' AND (AccessMask has bit 0x2 OR 0x4 set) AND SubjectUserSid != 'S-1-5-18' AND SubjectUserName NOT IN ('<coldfusion-service-account>')

Caveats for the query above (pseudo-syntax; adapt to your SIEM): event 4663 is only generated when the "File System" object-access audit subcategory is enabled and a SACL on the ColdFusion directory audits create/write access, so without that setup the query matches nothing. AccessMask 0x2 (WriteData/AddFile) and 0x4 (AppendData/AddSubdirectory) are the create/modify accesses of interest; masks are combined bit fields, so test the bits rather than comparing for equality. SYSTEM is recorded by SID S-1-5-18 and by the machine account name (HOST$), never as the literal 'SYSTEM', and 'Administrators' is a group, not a SubjectUserName, so exclude the actual administrative and service accounts by name or SID instead.
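The detection logic above, including the audit-rule setup it depends on, run over constructed sample events so the filter can be checked offline; this is an added example and not part of the original page or any Adobe tooling. The install root, the expected-account list and the three sample 4663 events (including the host name WEB01 and the file names in them) are constructed for the example.

```powershell
# Added example: enable create/write auditing on the ColdFusion tree and flag 4663 events
# that record a write under it by anyone except the expected accounts.
$ErrorActionPreference = 'Stop'
$CfRoot        = 'C:\ColdFusion2021'   # assumed install root
$ExpectedSids  = @('S-1-5-18')         # SYSTEM; it logs as the machine account "HOST$", never as "SYSTEM"
$ExpectedNames = @()                   # assumed: add a dedicated ColdFusion service account here if one exists
$WriteBits     = 0x2 -bor 0x4          # FILE_WRITE_DATA/ADD_FILE and FILE_APPEND_DATA/ADD_SUBDIRECTORY

function Add-CfAuditRule {
    # One-off setup (run elevated): audit every successful create/write below $Path.
    # Also needed once per host: auditpol /set /subcategory:"File System" /success:enable
    param([string]$Path)
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone',
        [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories',
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Success)
    $acl = Get-Acl -LiteralPath $Path -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-EventDataValue {
    param([xml]$EventXml, [string]$Name)
    $d = @($EventXml.Event.EventData.Data) | Where-Object { $_.Name -eq $Name } | Select-Object -First 1
    if ($d) { $d.'#text' } else { $null }
}

function ConvertFrom-Event4663 {
    # Pull the fields the rule needs out of the Security-log XML shape of a 4663 event.
    param([xml]$EventXml)
    [pscustomobject]@{
        SubjectSid  = Get-EventDataValue $EventXml 'SubjectUserSid'
        SubjectName = Get-EventDataValue $EventXml 'SubjectUserName'
        ObjectName  = Get-EventDataValue $EventXml 'ObjectName'
        AccessMask  = [Convert]::ToInt32((Get-EventDataValue $EventXml 'AccessMask'), 16)
        ProcessName = Get-EventDataValue $EventXml 'ProcessName'
    }
}

function Test-SuspiciousCfWrite {
    param($Event)
    $underRoot = $Event.ObjectName.StartsWith($CfRoot + '\', [System.StringComparison]::OrdinalIgnoreCase)
    $isWrite   = ($Event.AccessMask -band $WriteBits) -ne 0
    $expected  = ($ExpectedSids -contains $Event.SubjectSid) -or ($ExpectedNames -contains $Event.SubjectName)
    return $underRoot -and $isWrite -and (-not $expected)
}

function Get-LiveCfWriteEvents {
    # Same pipeline over the real Security log (requires the audit setup above).
    param([int]$MaxEvents = 5000)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents $MaxEvents |
        ForEach-Object { ConvertFrom-Event4663 -EventXml $_.ToXml() } |
        Where-Object { Test-SuspiciousCfWrite $_ }
}

# Constructed sample events (not real log data) in the shape of Security-log XML.
function New-SampleEvent {
    param([string]$Sid, [string]$User, [string]$Object, [string]$Mask, [string]$Proc)
    @"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4663</EventID><Computer>WEB01</Computer></System>
  <EventData>
    <Data Name="SubjectUserSid">$Sid</Data><Data Name="SubjectUserName">$User</Data>
    <Data Name="ObjectName">$Object</Data><Data Name="AccessMask">$Mask</Data>
    <Data Name="ProcessName">$Proc</Data>
  </EventData>
</Event>
"@
}
$samples = @(
    (New-SampleEvent 'S-1-5-18' 'WEB01$' "$CfRoot\cfusion\logs\coldfusion-out.log" '0x2' "$CfRoot\cfusion\bin\coldfusion.exe"),  # service writing its log
    (New-SampleEvent 'S-1-5-21-1-2-3-1105' 'bob' "$CfRoot\cfusion\lib\dropped.jar" '0x2' 'C:\Windows\System32\cmd.exe'),       # unprivileged user planting a file
    (New-SampleEvent 'S-1-5-21-1-2-3-1105' 'bob' "$CfRoot\cfusion\lib\neo-security.xml" '0x1' 'C:\Windows\explorer.exe')      # read only, not flagged
)
$flagged = $samples | ForEach-Object { ConvertFrom-Event4663 -EventXml $_ } | Where-Object { Test-SuspiciousCfWrite $_ }
$flagged | Format-Table SubjectName, ObjectName, ProcessName -AutoSize   # only bob's write to dropped.jar
```

Once Add-CfAuditRule has been applied and the audit subcategory enabled, Get-LiveCfWriteEvents gives the same result over the real Security log; the ProcessName field is what separates the service writing its own logs from cmd.exe or a script host writing into the install tree.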
