CVE-2020-3768
📋 TL;DR
This CVE describes a DLL search-order hijacking vulnerability in Adobe ColdFusion that allows attackers to place malicious DLLs in specific directories. When ColdFusion loads these DLLs instead of legitimate ones, attackers can execute arbitrary code with elevated privileges. This affects ColdFusion 2016 and 2018 installations.
💻 Affected Systems
- Adobe ColdFusion
📦 What is this software?
Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →Coldfusion by Adobe
Adobe ColdFusion is a commercial rapid web application development platform and server providing a Java-based runtime environment for building dynamic websites, web applications, REST APIs, and enterprise integrations. Deployed across government agencies, financial services, healthcare organizations...
Learn more about Coldfusion →⚠️ Risk & Real-World Impact
Worst Case
Full system compromise with administrative privileges, allowing attackers to install persistent backdoors, steal sensitive data, or pivot to other systems.
Likely Case
Privilege escalation from a lower-privileged user to SYSTEM/administrator level, enabling further lateral movement within the network.
If Mitigated
Limited impact due to proper file permissions, application whitelisting, and restricted user access preventing DLL placement.
🎯 Exploit Status
Requires ability to place DLLs in specific directories, typically needing some level of file system access. No public exploit code has been released.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: ColdFusion 2016 Update 11, ColdFusion 2018 Update 7
Vendor Advisory: https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html
Restart Required: Yes
Instructions:
1. Download the appropriate update from Adobe's website. 2. Stop all ColdFusion services. 3. Apply the update package. 4. Restart ColdFusion services. 5. Verify the update was successful.
🔧 Temporary Workarounds
Restrict DLL write permissions
windowsSet strict file permissions on ColdFusion directories to prevent unauthorized users from placing DLLs.
icacls "C:\ColdFusion\" /deny Users:(OI)(CI)W
icacls "C:\ColdFusion\" /deny IIS_IUSRS:(OI)(CI)W
Enable SafeDllSearchMode
windowsConfigure Windows to search system directories first before application directories.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v SafeDllSearchMode /t REG_DWORD /d 1 /f
🧯 If You Can't Patch
- Implement strict file system permissions on ColdFusion installation directories
- Deploy application whitelisting to prevent execution of unauthorized DLLs
🔍 How to Verify
Check if Vulnerable:
Check ColdFusion version via ColdFusion Administrator interface or cfusion/lib/version.txt fileCheck Version:
type "C:\ColdFusion\cfusion\lib\version.txt"Verify Fix Applied:
Verify version is ColdFusion 2016 Update 11 or later, or ColdFusion 2018 Update 7 or later📡 Detection & Monitoring
Log Indicators:
- Failed DLL loading attempts in Windows Event Logs
- Unexpected DLL files in ColdFusion directories
- Process creation from unusual DLLs
Network Indicators:
- Unusual outbound connections from ColdFusion server
- Beaconing behavior from compromised server
SIEM Query:
EventID=7 OR EventID=11 | where Image contains "coldfusion" OR Process contains "coldfusion" | where DLL contains suspicious patterns