Arbitrary code execution via malicious Code42 agent proxy configuration
Who is this article for?
Incydr Professional, Enterprise, Horizon, and Gov F2: no.
Incydr Basic, Advanced, and Gov F1: yes.
This article provides details about a security vulnerability affecting the Code42 agent installed on user devices.
To protect the security of our customers, we don't publish a security advisory until a vulnerability has been fully investigated and a patch or update is available that resolves the issue.
For more information about security at Code42, see our Security page. If you believe you've found a Code42 security vulnerability, see Report a security vulnerability to Code42.
If you have questions or concerns, contact our Technical Support Engineers.
A vulnerability has been identified that could allow an attacker to change a device's proxy configuration to use a malicious proxy auto-config (PAC) file.
Affected product and versions
- Legacy agent version 8.7.1 and earlier
- Incydr Professional, Enterprise, Horizon, and Gov F2 are not affected
This vulnerability is fixed in Code42 agent version 8.8.0 and later.
- Code42 cloud environments were automatically upgraded to Code42 agent 8.8 in November and December 2021.
- On-premises Code42 environments must follow these steps to lock proxy settings to resolve this vulnerability.
|Date published||January 18, 2022|
|Number of vulnerabilities||1|
|Vulnerability type||Other – Code execution|
|Vector string||3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H|
|Attack vectors||An attacker could escalate privilege and execute arbitrary code on a device.|
|Affected component||Code42 agent|
|Description of the vulnerability||If the device proxy settings were not locked in the Code42 console, a non-administrative attacker could change the Code42 agent proxy configuration to use a malicious proxy auto-config (PAC) file. The malicious PAC file could then potentially execute arbitrary code at an elevated privilege on a device.|
|Acknowledgements||Thank you to Bartłomiej Górkiewicz for discovering and reporting this vulnerability.|
Other Code42 resources
- Code42: Security
If you want to be notified when Code42 identifies a security vulnerability, navigate to the Code42 email preferences page and check the box "Common Security and Vulnerability Reports" in the preferences form.