Patch Now: Cybercriminals Set Sights on Critical IBM File Transfer Bug

Published: 23/11/2024   Category: security

A vulnerability with a 9.8 CVSS rating in IBM's widely deployed Aspera Faspex offering is being actively exploited to compromise enterprises.



A critical bug in IBM's popular Aspera Faspex file transfer stack that allows arbitrary code execution is catching the eye of increasing numbers of cybercriminals, including ransomware gangs, as organizations fail to patch.
Months after IBM released a patch for the critical vulnerability, it is being exploited in the wild, researchers with Rapid7 stressed this week, noting that one of its customers was very recently compromised via the bug, tracked as CVE-2022-47986. Immediate action is needed, the researchers said.
"We strongly recommend patching on an emergency basis, without waiting for a typical patch cycle to occur," Caitlin Condon, senior manager of security research at Rapid7, warned in a blog post.
IBM Aspera Faspex is a cloud-based file exchange application that uses the Fast Adaptive and Secure Protocol (FASP) to let organizations transfer files at higher speeds than ordinary TCP-based connections achieve. The Aspera service is used by large organizations such as Red Hat and the University of California, according to Enlyft, and is so well regarded that it has literally won an Emmy.
The vulnerability affects Faspex version 4.4.2 Patch Level 1 and earlier, and carries a 9.8 out of 10 on the CVSS vulnerability-severity scale.
By sending a specially crafted call to an obsolete API, IBM explained in a security bulletin published on Jan. 26, 2023, an unauthenticated attacker can remotely execute their own code on any target system running a vulnerable Faspex.
The bug was first reported to IBM on Oct. 6, 2022, and fixed on Dec. 8, 2022, in 4.4.2 Patch Level 2.
Exploitation activity began shortly after the patch was issued, when the IceFire ransomware group shifted from targeting Windows to Linux systems. That shift brought a practical problem: Windows is everywhere, including on the endpoints that phishing-style intrusions reach, whereas Linux is most often run on servers. So the group adopted a new intrusion method for that environment: exploiting CVE-2022-47986 on Internet-facing Faspex servers.
In the time since, other cybercriminal outfits have pounced on this easy yet powerful vulnerability. In February, an unknown threat actor used it to deploy Buhti ransomware, after the Shadowserver Foundation picked up on live exploitation attempts.
Rarely in life do severe problems have instant remedies, yet CVE-2022-47986 is fully resolved by a simple upgrade to Patch Level 2, or the newest Patch Level 3, released March 20, according to Condon. Why, with such a simple fix just a few clicks away, is any organization still vulnerable?
Negligence may be the answer in many cases. "Folks don't necessarily have consistent regular patch cycles," Condon tells Dark Reading. "We're seeing vulnerable software and appliances still exposed to the Internet after months and sometimes years." Indeed, as of last month, there were nearly 140 instances of Aspera Faspex exposed on the Web, she noted.
"In certain cases, though, I would not be surprised if this is difficult to patch," Condon says. "A lot of our analysis involved simply trying to set up the software and get it to work. So whether it's a complex stack or just software that is finicky when you set it up, that can also mean that it is difficult to patch."
Companies that haven't already patched, and can't do so immediately, have limited options left to protect themselves. "Putting in a couple layers of defense there would be very helpful," Condon says, and taking Aspera Faspex offline is "absolutely crucial."
Ultimately, the only surefire fixes are to either patch or abandon the software outright, she adds.
"We're aware that when we say 'Hey, if you can't patch, shut it down,' that's not necessarily practical for everyone," she explains. "So at the very least, take it off the public Internet, and put any other controls you can think of in place."
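The two checks a defender can run today follow directly from the advice above: confirm whether the Faspex front end is still reachable from outside the organization, and look for traffic to the obsolete API that the bug lives in. The script below is an added example, not code from IBM, Rapid7 or this article. It triages combined-format web-server access logs from the host in front of Faspex; the log lines are constructed for the example, the internal address ranges are assumed to be the RFC 1918 blocks, and the obsolete API path prefix is an assumption for illustration that should be replaced with the path named in the vendor advisory for your version.

```python
"""Triage access logs from a server fronting IBM Aspera Faspex.

Added example; not IBM's, Rapid7's or the article's code.
Check 1: requests from addresses outside the assumed internal ranges show the
         appliance is still exposed to the public Internet.
Check 2: POSTs to the obsolete API prefix are the traffic pattern to look at
         when hunting for CVE-2022-47986 exploitation attempts.
"""
import ipaddress
import re
from dataclasses import dataclass

# ASSUMPTION: your organization's internal ranges; RFC 1918 used as a default.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# ASSUMPTION: prefix of the obsolete Faspex API; take the real path from the
# vendor advisory for the version you run.
OBSOLETE_API_PREFIX = "/aspera/faspex/package_relay/"

# Combined log format: src ident user [ts] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample: two internal clients, one external client that browses
# the login page and then POSTs to the obsolete API.
SAMPLE_LOG = [
    '10.20.30.40 - - [21/Mar/2023:09:14:02 +0000] "GET /aspera/faspex/login HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Mar/2023:09:15:11 +0000] "GET /aspera/faspex/login HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Mar/2023:09:15:19 +0000] "POST /aspera/faspex/package_relay/relay_package HTTP/1.1" 500 812',
    '10.20.30.41 - - [21/Mar/2023:09:16:00 +0000] "POST /aspera/faspex/packages HTTP/1.1" 302 0',
]


@dataclass
class Finding:
    kind: str      # "public-exposure" or "obsolete-api-post"
    src: str
    method: str
    path: str
    status: int


def is_external(ip_text: str) -> bool:
    """True when the source address is outside every assumed internal range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparsable source field; do not treat as external
    return not any(ip in net for net in INTERNAL_NETS)


def triage(lines):
    """Return one Finding per triggered check, in log order."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src, method, path = m["src"], m["method"], m["path"]
        status = int(m["status"])
        if is_external(src):
            findings.append(Finding("public-exposure", src, method, path, status))
        if method == "POST" and path.startswith(OBSOLETE_API_PREFIX):
            findings.append(Finding("obsolete-api-post", src, method, path, status))
    return findings


def exposed_sources(findings):
    """Distinct external addresses that reached the appliance at all."""
    return sorted({f.src for f in findings if f.kind == "public-exposure"})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:18} {f.src:15} {f.method} {f.path} -> {f.status}")
    print("external sources:", exposed_sources(triage(SAMPLE_LOG)))
```

Any "public-exposure" hit means the instance is not yet off the public Internet as Condon advises; an "obsolete-api-post" from an external address is the combination to escalate, whatever the response status, since a failed attempt still shows the host is being targeted. On a real deployment, feed the script the actual access log and adjust the internal ranges and API prefix before trusting its output.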
