- #USB NETWORK GATE ELTIMA CODE DRIVERS#
- #USB NETWORK GATE ELTIMA CODE UPDATE#
- #USB NETWORK GATE ELTIMA CODE FULL#
#USB NETWORK GATE ELTIMA CODE UPDATE#
SentinelOne’s post also includes instructions on a manual update that’s necessary on AWS for users that have either maintenance turned off or AlwaysOn WorkSpaces with OS updates turned off. Some of the updates are automatically applied, while others require customers to take action.
#USB NETWORK GATE ELTIMA CODE FULL#
The full list of affected products includes Amazon Nimble Studio AMI, Amazon NICE DCV, Amazon WorkSpaces, Amazon AppStream, NoMachine, Accops HyWorks, Accops HyWorks DVM Tools, Eltima USB Network Gate, Amzetta zPortal Windows zClient, Amzetta zPortal DVM Tools, FlexiHub and Donglify. The firm reported the flaws last quarter to the appropriate vendors, and they’ve since been fixed. The cybersecurity firm hasn’t detected in-the-wild use of the vulnerabilities, of which there are dozens. “Attackers can then leverage other techniques to pivot to the broader network, like lateral movement.” Not Yet Seen in the Wild “An attacker with access to an organization’s network may also gain access to execute code on unpatched systems and use this vulnerability to gain local elevation of privilege,” SentinelOne noted.
#USB NETWORK GATE ELTIMA CODE DRIVERS#
SentinelOne traced the vulnerabilities to two drivers that are responsible for USB redirection – “wspvuhub.sys” and “wspusbfilter.sys” – that could lead to a buffer overflow that allows an attacker to jack up privileges so as to execute arbitrary code in the kernel.īuffer overflow scenario. Specifically, the vulnerabilities can be used to “disable security products, overwrite system components, corrupt the operating system or perform malicious operations unimpeded,” SentinelOne senior security researcher Kasif Dekel said in a report published on Tuesday. The flaws allow attackers to escalate privileges so that they can launch a slew of malicious actions, including to kick the knees off the very security products that users depend on for protection. The flaws are in the USB Over Ethernet function of the Eltima SDK, not in the cloud services themselves, but because of code-sharing between the server side and the end user apps, they affect both clients – such as laptops and desktops running Amazon WorkSpaces software – and cloud-based machine instances that rely on services such as Amazon Nimble Studio AMI, that run in the Amazon cloud. USB Over Ethernet enables sharing of multiple USB devices over Ethernet, so that users can connect to devices such as webcams on remote machines anywhere in the world as if the devices were physically plugged into their own computers.
That includes Amazon WorkSpaces, Accops and NoMachine, among others: all apps that enable remote desktop access by using the Eltima software development kit (SDK) to enable the company’s “ USB Over Ethernet” product. Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks.
0 kommentar(er)
