Arbitrary code execution on local Windows servers
Who is this article for?
Incydr, yes.
CrashPlan for Enterprise, yes.
Code42 for Enterprise, yes.
CrashPlan for Small Business, no.
Overview
This article provides details about a security vulnerability on Code42 servers on Windows.
Description
A vulnerability has been identified that may allow an attacker to escalate privilege and execute arbitrary code on a local Windows Code42 server.
Affected product and versions
- Code42 for Enterprise
- Code42 server version 7.0.2 and earlier on Windows
Resolution
This vulnerability is fixed in on-premises Code42 server version 7.0.3. To remediate this vulnerability, upgrade your environment.
CVE details
| CVE ID | CVE-2019-16861 |
|---|---|
| Date published | November 15, 2019 |
| Number of vulnerabilities | 1 |
| Vulnerability type | Other – Untrusted search path |
| CVSS v3 |
Score: 7.8 Vector string: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack type | Local |
| Impact | Code execution |
| Attack vectors | An attacker could escalate privilege and execute arbitrary code on a local Windows server. |
| Affected components | Code42 authority server and storage servers |
| Full description |
In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server. |
| Acknowledgements | Thank you to Peleg Hadar of SafeBreach Labs for discovering and reporting this vulnerability. |
Other Code42 resources
- Code42: Security
-
If you want to be notified when Code42 identifies a security vulnerability, navigate to the Code42 email preferences page and check the box "Common Security and Vulnerability Reports" in the preferences form.
