Eltima SDK Contains Multiple Vulnerabilities Affecting Multiple Cloud Service Providers


Cybersecurity researchers have disclosed multiple vulnerabilities in third-party driver software developed by Eltima that were "unwittingly inherited" by cloud desktop solutions such as Amazon WorkSpaces, Accops, and NoMachine, and that could give attackers a path to carry out an array of malicious actions.

"These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researchers said in a report shared with The Hacker News.

The flaws have since been addressed in Amazon Nimble Studio AMI, Amazon NICE DCV, Amazon WorkSpaces, Amazon AppStream, NoMachine, Accops HyWorks, Accops HyWorks DVM Tools, Eltima USB Network Gate, Amzetta zPortal Windows zClient, Amzetta zPortal DVM Tools, FlexiHub, and Donglify.


At its core, the issues reside in a product developed by Eltima that provides "USB over Ethernet" capabilities, allowing desktop virtualization services like Amazon WorkSpaces to redirect locally connected USB devices, such as webcams, to the remote desktop.

Specifically, the vulnerabilities can be traced back to the two kernel drivers responsible for USB redirection, "wspvuhub.sys" and "wspusbfilter.sys", where a buffer overflow condition could result in the execution of arbitrary code with kernel-mode privileges.
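Because the vulnerable drivers ship inside several unrelated products, an affected organization may not know it runs them. The following PowerShell inventory script is an added example, not code from SentinelOne or Eltima: it uses only the two driver names given above, and assumes the drivers are registered as Windows system drivers (the service names and on-disk paths are assumed to match the file names). The article gives no fixed version numbers, so the script reports what it finds for comparison against the vendor advisories rather than deciding vulnerability itself.

```powershell
# Added example: inventory the Eltima USB-redirection drivers named in the article
# on a Windows host, reporting path, file version, running state and code signer
# so the result can be checked against each vendor's patched versions.
# Driver names come from the article; service/path matching is an assumption.
$EltimaDriverNames = @('wspvuhub', 'wspusbfilter')

function Get-EltimaDriverInventory {
    param([string[]]$Names = $EltimaDriverNames)

    # Win32_SystemDriver lists kernel drivers registered as services
    $installed = Get-CimInstance -ClassName Win32_SystemDriver

    foreach ($name in $Names) {
        $found = $installed | Where-Object {
            $_.Name -ieq $name -or $_.PathName -imatch "\\$name\.sys$"
        }
        if (-not $found) {
            [pscustomobject]@{ Driver = $name; Present = $false; Path = $null
                               Version = $null; State = $null; Signer = $null }
            continue
        }
        foreach ($drv in $found) {
            # PathName may carry an NT-style \??\ prefix; strip it before touching the file
            $path = $drv.PathName -replace '^\\\?\?\\', ''
            $version = $null; $signer = $null
            if ($path -and (Test-Path -LiteralPath $path)) {
                $version = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
                $sig = Get-AuthenticodeSignature -LiteralPath $path
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { "$($sig.Status)" }
            }
            [pscustomobject]@{
                Driver  = $name
                Present = $true
                Path    = $path
                Version = $version
                State   = $drv.State   # Running or Stopped
                Signer  = $signer
            }
        }
    }
}

Get-EltimaDriverInventory | Format-Table -AutoSize
```

Run it from an elevated prompt across the WorkSpaces, NoMachine or Accops hosts in scope; a present driver whose version predates the vendor's fixed release is the patch-priority list.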

[Figure: BSoD proof of concept]

"An attacker with access to an organization's network may also gain access to execute code on unpatched systems and use this vulnerability to gain local elevation of privilege," the cybersecurity firm noted. "Attackers can then leverage other techniques to pivot to the broader network, like lateral movement."

The discovery marks the fourth set of security vulnerabilities affecting software drivers that SentinelOne has uncovered since the start of the year.


Earlier this May, the Mountain View-based company disclosed a number of privilege escalation vulnerabilities in Dell's firmware update driver "dbutil_2_3.sys" that had gone undisclosed for more than 12 years. Then in July, it also made public a high-severity buffer overflow flaw in "ssport.sys", a driver used in HP, Xerox, and Samsung printers, that was found to have remained undetected since 2005.

And in September, SentinelOne made public a high-severity flaw in the HP OMEN driver "HpPortIox64.sys" that could allow threat actors to elevate privileges to kernel mode without requiring administrator permissions, letting them disable security products, overwrite system components, and even corrupt the operating system.


