Akamai Protects Against the Atlassian Confluence 0-Day (CVE-2022-26134)
Atlassian released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) that affects Confluence Server and Data Center products. An unauthenticated attacker could exploit this vulnerability to execute code remotely. Additional information is available from the Cybersecurity & Infrastructure Security Agency (CISA).
Atlassian has recently released an update that lists affected versions and fixed versions of their software. As the situation evolves, this Confluence Security Advisory 2022-06-02 page will give administrators and users a living resource with information on how to patch and/or mitigate the vulnerability.
Akamai WAF customers protected
A post by Volexity and a third-party source trusted by Akamai’s SWAT team have already highlighted proof-of-concept (PoC) exploit payloads for this vulnerability.
The Akamai Threat Research WAF team has tested the PoC payload and can confirm that Akamai customers with our Kona Site Shield, Web Application Protector, or App & API Protector solutions can virtually patch their environments with the following rules/attack groups:
ASE — 3000014/CMDi attack group
KRS — 3000014/CMDi attack group
AAG — 1000005/CMDi attack group
Akamai's Threat Research WAF team will continue to monitor for new attack vectors/payloads and provide updates as they become available.
Zero Trust Network Access provides additional protection
Customers can put a Zero Trust Network Access (ZTNA) solution like Akamai Enterprise Application Access in front of their Confluence applications. This will help to protect against unauthenticated external exploitation attempts, in addition to the virtual patching protections afforded by a WAF. ZTNA solutions are designed to verify requests made to applications (in this instance, a Confluence application) to ensure that they are coming from an authenticated user. Any unauthenticated users would be blocked from accessing the application. Further control can be added by verifying the requesting user’s identity with a multi-factor authentication solution, including our phish-proof, FIDO2-compliant multi-factor authentication solution, Akamai MFA.