27 vulnerabilities found in SDK used by AWS and major cloud services
by
It has been pointed out that there are 27 vulnerabilities in the software development kit (SDK) of 'USB over Ethernet', an application for sharing and accessing USB devices via the Internet or LAN. The vulnerable SDK is used by multiple cloud services, including Amazon Web Services (AWS).
USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services --SentinelOne
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/
27 flaws in USB-over-network SDK affect millions of cloud users
https://www.bleepingcomputer.com/news/security/27-flaws-in-usb-over-network-sdk-affect-millions-of-cloud-users/
The pandemic of the new coronavirus has led to a surge in demand for remote work worldwide. As a result, the demand for cloud-based virtual desktops is increasing among enterprises, and the use of cloud desktop solutions such as Amazon WorkSpaces is accelerating. Many cloud providers like AWS, which provide cloud desktop services, leverage the Eltima SDK, a software development kit (SDK) provided by Eltima Software, to share and access USB devices over the Internet or LAN. It realizes the 'USB over Ethernet' function that is possible.
Exploiting a vulnerability in the Eltima SDK could remotely elevate cloud desktop permissions and allow code to be executed in kernel mode. 'These vulnerabilities allow an attacker to elevate privileges, disable security products, overwrite system components, destroy operating systems, or perform malicious operations without interruption,' SentinelOne said. '.
Sentinel Labs reported a vulnerability in the Eltima SDK to Eltima Software in the second quarter of 2021. The 27 vulnerabilities discovered and reported by Sentinel Labs are:
・CVE-2021-42972
・CVE-2021-42973
・CVE-2021-42976
・CVE-2021-42977
・CVE-2021-42979
・CVE-2021-42980
・CVE-2021-42983
・CVE-2021-42986
・CVE-2021-42987
・CVE-2021-42988
・CVE-2021-42990
・CVE-2021-42993
・CVE-2021-42994
・CVE-2021-42996
・CVE-2021-43000
・CVE-2021-43002
・CVE-2021-43003
・CVE-2021-43006
・CVE-2021-43637
・CVE-2021-43638
・CVE-2021-42681
・CVE-2021-42682
・CVE-2021-42683
・CVE-2021-42685
・CVE-2021-42686
・CVE-2021-42687
・CVE-2021-42688
In addition, Eltima Software has already released a security update to address the vulnerability in the Eltima SDK. However, Sentinel Labs points out that whether or not a security update was performed 'depends on the cloud service.'
According to SentinelOne, the software and cloud platforms affected by the vulnerabilities found in the Eltima SDK are: However, since SentinelOne is not aware of all software and cloud platforms that use the Eltima SDK, it is quite possible that there are other tools that are affected by the vulnerability.
・Amazon Nimble Studio AMI (before July 29, 2021)
-Amazon NICE DCV (Windows: 2021.1.7744, Linux: 2021.1.3560, Mac: 2021.1.3590)
-Amazon WorkSpaces Agent v1.0.1.1537
-Amazon AppStream v1.1.304
-NoMachine (all Windows versions, v4.0.346 or later, v.7.7.4 or earlier)
・HyWorks Client for Windows (v3.2.8.180 or earlier)
-HyWorks DVM Tools for Windows (v3.3.1.102 or earlier)
・ Eltima USB Network Gate (v7.0.1370-v9.2.2420)
・Amzetta zPortal Windows zClient
・ Amzetta zPortal DVM
・FlexiHub (v3.3.11481-v5.2.14094)
・Donglify (v1.0.12309-v1.7.14110)
Also, it seems that some tools are vulnerable on the client side, others are vulnerable on the server side, or both are vulnerable.
However, 'No cases of exploiting the vulnerability of Eltima SDK have been found,' Sentinel Labs wrote, and at the time of writing the article, no cases of exploiting the vulnerability have been found. However, technology media Bleeping Computer said, 'Although we have not confirmed any cases of exploitation of the vulnerability, considering the release of this kind of technical report, there is a possibility that exploitation cases will appear in the future.' It is written.
Bleeping Computer points out that 'administrators need to revoke privileged credentials before applying security updates and scrutinize logs for signs of suspicious activity.'
Related Posts:
in Software, Posted by logu_ii