Researchers have come up with a warning that threat actors are exploiting a critical vulnerability in an IBM file-exchange application in hacks that install ransomware on servers.
The IBM Aspera Faspex is a centralized file-exchange application that large organizations use to transfer large files or large volumes of files at very high speeds that uses IBM’s proprietary FASP short for Fast, Adaptive, and Secure Protocol to better utilize available network bandwidth.
Earlier this year, IBM warned of a critical vulnerability in Aspera versions 4.4.2 Patch Level 1 and earlier and urged users to install an update to patch the flaw.
Tracked as CVE-2022-47986, the vulnerability makes it possible for unauthenticated threat actors to remotely execute malicious code by sending specially crafted calls to an outdated programming interface. The ease of exploiting the vulnerability and the damage that could result earned CVE-2022-47986 a severity rating of 9.8 out of a possible 10.
Researchers from security firm Rapid7 said they recently responded to an incident in which a customer was breached using the vulnerability and its used to deploy ransomware.
Researchers have reported that the vulnerability is being exploited to install ransomware known as Buhti and as well as IceFire.
IBM patched the vulnerability in January and republished its advisory earlier this month to ensure no one missed it.