Within four days of the revelation by Check Point researchers, estimates indicate that hackers could have exploited over 37,000 business networks via the SpringShell remote code execution vulnerability. Among them, companies supplying software were the most affected, mainly those operating in the European region.
Researchers say there were three vulnerabilities, exploited through a specially crafted malicious message sent to a web server running the Spring Core Framework.
While one is a critical remote code execution bug in the Spring Framework, the other two are less serious flaws found in Spring Cloud Gateway and Spring Cloud Function.
The seriousness of this flaw can be gauged from the security warning issued by the US Cybersecurity and Infrastructure Security Agency (CISA), which urged all federal agencies to take note of the flaw and fix it within a very short time frame.
Cybersecurity Insiders learned that Spring Framework versions 5.3.0 to 5.3.17 and 5.2.0 to 5.2.19, and all earlier versions, were affected by the flaw, along with version 9.0 of the Java Development Kit (JDK). It could turn out to be as serious as the Log4Shell vulnerability detected at the end of last year.
NOTE 1 - The SpringShell CVE was disclosed on March 29th, 2022, and a proof of concept was published on March 30th, 2022.
NOTE 2 - Companies should conduct external and internal network scans and look for any vulnerabilities. As other exploits could soon follow, developers and security professionals are being urged not to be complacent about the current status of the SpringShell vulnerability.
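As an added example (not code from the article or from the Spring project), the sketch below shows how an internal inventory scan could flag deployed WAR or fat JAR archives that bundle a Spring Framework release inside the version ranges quoted above. It assumes the version can be read from the bundled `spring-core` / `spring-beans` jar file names, does not check the JDK version, and uses a constructed in-memory sample archive.

```python
import io
import re
import zipfile

# Last affected patch release per branch, as quoted in the article above.
LAST_AFFECTED = {(5, 3): 17, (5, 2): 19}
# Assumption: the Spring Framework version is taken from bundled jar file names.
JAR_RE = re.compile(r"(?:^|/)(spring-(?:beans|core))-(\d+)\.(\d+)\.(\d+)[^/]*\.jar$")


def is_affected(major, minor, patch):
    """True if the version is inside the ranges the article lists."""
    if (major, minor) in LAST_AFFECTED:
        return patch <= LAST_AFFECTED[(major, minor)]
    return (major, minor) < (5, 2)  # "all earlier versions"


def scan_archive(data):
    """Return sorted (entry, version, affected) for Spring jars inside a WAR or fat JAR."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            m = JAR_RE.search(name)
            if m:
                ver = tuple(int(x) for x in m.group(2, 3, 4))
                findings.append((name, ".".join(map(str, ver)), is_affected(*ver)))
    return sorted(findings)


def build_sample_war(entries):
    """Build a constructed in-memory archive with empty entries (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in entries:
            zf.writestr(entry, b"")
    return buf.getvalue()


SAMPLE_ENTRIES = [  # constructed for illustration
    "WEB-INF/lib/spring-beans-5.3.17.jar",
    "WEB-INF/lib/spring-core-5.3.18.jar",
    "WEB-INF/lib/spring-core-4.3.30.RELEASE.jar",
    "WEB-INF/lib/commons-io-2.11.0.jar",
]

if __name__ == "__main__":
    for entry, version, affected in scan_archive(build_sample_war(SAMPLE_ENTRIES)):
        print(f"{'AFFECTED' if affected else 'ok      '} {version:8} {entry}")
```

To scan real deployments, pass the bytes of each archive found on disk to `scan_archive`; a flagged entry is a candidate for upgrade and still needs to be confirmed against the vendor advisory.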