Background /What has happened?
Proof of concept exploit code has been released for a remote code execution vulnerability (CVE-2021-42237) in certain versions of the Sitecore Experience Platform (Sitecore XP) content management system. Successful exploitation of this vulnerability results in remote code execution which could allow an internet-based actor to install malware/ or webshells and perform other actions.
This vulnerability was previously identified by Sitecore in an October security bulletin and a security update and other mitigations made available.
The ACSC is aware of active exploitation of this vulnerability in Australia.
Mitigation / How do I stay secure?
Australian organisations who utilise Sitecore XP should consult the Sitecore security bulletin, review the patch level of any Sitecore XP instances and ensure they are updated to the latest version. Sitecore also identifies other mitigations which can be applied.
Australian organisations who have identified an internet exposed Sitecore XP instance vulnerable to CVE-2021-42237 should review logs for signs of malicious activity targeting the vulnerable Report.ashx file outlined in the Sitecore security bulletin.