CVE-2024-20767

HIGH KEV NUCLEI

CVE-2024-20767 - Adobe Coldfusion Arbitrary File Read

Title source: metasploit

Exploitation Summary

CVE-2024-20767 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 16, 2024. EIP tracks 7 public exploits from researchers including İbrahimsql, yoryio, Chocapikk, including a Metasploit module auxiliary/gather/coldfusion_pms_servlet_file_read. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit targets Adobe ColdFusion 2023.6 (CVE-2024-20767) to achieve remote file read by leveraging a directory traversal vulnerability in the logging module. It retrieves a UUID via an admin API endpoint and uses it to read arbitrary files.

Description

ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet.

Exploits (7)

exploitdb WORKING POC

by İbrahimsql · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52387

View Code ZIP pw:eip

This exploit targets Adobe ColdFusion 2023.6 (CVE-2024-20767) to achieve remote file read by leveraging a directory traversal vulnerability in the logging module. It retrieves a UUID via an admin API endpoint and uses it to read arbitrary files.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Adobe ColdFusion 2023.6 (LUcee)

No auth needed

Prerequisites: Network access to the ColdFusion server · Port 8500 (or custom) accessible

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 34 stars

by yoryio · infoleak

https://github.com/yoryio/CVE-2024-20767

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2024-20767, an arbitrary file read vulnerability in Adobe ColdFusion. The exploit leverages improper access control to read files by chaining two endpoints: one to obtain a UUID and another to read files using directory traversal.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Adobe ColdFusion 2023 (Update 6 and earlier), ColdFusion 2021 (Update 12 and earlier)

No auth needed

Prerequisites: Network access to the target ColdFusion server · ColdFusion server running on default or specified port

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 9 stars

by Chocapikk · infoleak

https://github.com/Chocapikk/CVE-2024-20767

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2024-20767, an arbitrary file read vulnerability in Adobe ColdFusion due to improper access control. The exploit retrieves a UUID from the target server and uses it to read sensitive files (e.g., /etc/passwd or Windows/ServerStandardEval.xml) via a path traversal attack.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Adobe ColdFusion 2023 (Update 6 and earlier), ColdFusion 2021 (Update 12 and earlier)

No auth needed

Prerequisites: Python 3.x · Target URL running vulnerable Adobe ColdFusion · Network access to the target

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 1 stars

by Praison001 · infoleak

https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2024-20767, an Improper Access Control vulnerability in Adobe ColdFusion. The exploit retrieves a UUID from the target's server manager endpoint and uses it to read arbitrary files via a path traversal attack.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Adobe ColdFusion versions 2023.6, 2021.12 and earlier

No auth needed

Prerequisites: Network access to the target ColdFusion server · Target server must be running a vulnerable version of Adobe ColdFusion

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 1 stars

by m-cetin · infoleak

https://github.com/m-cetin/CVE-2024-20767

View Code ZIP pw:eip

The repository contains a functional Python script that exploits CVE-2024-20767, an arbitrary file read vulnerability in Adobe ColdFusion servers via the Performance Monitoring Toolset (PMS) endpoint. The exploit leverages a directory traversal technique to read files from the server.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Adobe ColdFusion 2023.6, 2021.12, and earlier versions with PMS enabled

No auth needed

Prerequisites: Target server with accessible PMS endpoint · Python 3.x with requests library

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by alm6no5 · infoleak

https://github.com/alm6no5/CVE-2024-20767

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2024-20767, targeting Adobe ColdFusion. It leverages a vulnerable endpoint to obtain a UUID and another endpoint to read arbitrary files, demonstrating an information leak vulnerability.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Adobe ColdFusion

No auth needed

Prerequisites: Network access to the target Adobe ColdFusion server

MITRE ATT&CK

T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC

by ma4ter, yoryio, Christiaan Beek, jheysel-r7 · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/coldfusion_pms_servlet_file_read.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2024-20767, an arbitrary file read vulnerability in Adobe ColdFusion. It retrieves a UUID from the servermanager.cfc endpoint and uses it to read files via the /pms endpoint with directory traversal.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Adobe ColdFusion versions prior to 2023 Update 6 and 2021 Update 12

No auth needed

Prerequisites: Network access to the target ColdFusion server

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Adobe ColdFusion - Arbitrary File Read

HIGHVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: http.component:"Adobe ColdFusion"

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-20767

Vendor Advisory vendor-advisory

https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html

Scores

CVSS v3 7.4

EPSS 0.9409

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact partial

Details

CISA KEV 2024-12-16

VulnCheck KEV 2024-04-11

InTheWild.io 2024-12-16

ENISA EUVD EUVD-2024-18482

CWE

CWE-284

Status published

Products (2)

adobe/coldfusion 2021 (13 CPE variants)

adobe/coldfusion 2023 (7 CPE variants)

Published Mar 18, 2024

KEV Added Dec 16, 2024

Tracked Since Feb 18, 2026