The Shadowserver Foundation

Over the weekend we picked up exploitation attempts for IBM Aspera Faspex CVE-2022-47986 (unauthenticated RCE), a file exchange application. IBM issued a patch on Feb 2 addressing this & other vulnerabilities: https://ibm.com/support/pages/node/6952319

Exploit code is public, make sure to update!

We will be sharing out IP data on exposed IBM Aspera Faspex interfaces starting tomorrow in our Device Identification report: https://shadowserver.org/what-we-do/network-reporting/device-identification-report/

EDIT: Looking back at our sensor dataset attempts started Feb 3rd, shortly after exploit code was published. Some continued into Feb 4th before restarting on Feb 11th

Security Bulletin: IBM Aspera Faspex 4.4.2 PL2 has addressed multiple vulnerabilities (CVE-2022-28330, CVE-2023-22868, CVE-2022-30556, CVE-2022-31813, CVE-2022-30522, CVE-2022-47986, CVE-2022-28615, CVE-2022-26377, CVE-2018-25032, CVE-2022-2068)

This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera Faspex 4.4.2 PL2.

Feb 13, 2023 at 7:23amWeb
Show threadfrycosFeb 13, 2023
@infosec_au