Skip to main content

Who is this article for?

Incydr Professional, Enterprise, Horizon, and Gov F2
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, no.

Incydr Basic, Advanced, and Gov F1, yes.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Arbitrary code execution via malicious Code42 app proxy configuration

Who is this article for?

Incydr Professional, Enterprise, Horizon, and Gov F2
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, no.

Incydr Basic, Advanced, and Gov F1, yes.

Overview

This article provides details about a security vulnerability affecting the Code42 app installed on user devices.  

To protect the security of our customers, we don't publish a security advisory until a vulnerability has been fully investigated and a patch or update is available that resolves the issue.

For more information about security at Code42, see our Security page. If you believe you've found a Code42 security vulnerability, see Report a security vulnerability to Code42.

If you have questions or concerns, contact our Technical Support Engineers.

Description

A vulnerability has been identified that could allow an attacker to change a device's proxy configuration to use a malicious proxy auto-config (PAC) file.

Affected product and versions

  • Code42 app version 8.7.1 and earlier
  • Incydr Professional, Enterprise, Horizon, and Gov F2 are not affected

Resolution

This vulnerability is fixed in Code42 app version 8.8.0 and later.

  • Code42 cloud environments automatically upgraded to Code42 app 8.8 in November and December, 2021.
  • On-premises Code42 environments must follow these steps to lock proxy settings to resolve this vulnerability.  

CVE details

CVE ID CVE-2021-43269
Date published January 18, 2022
Number of vulnerabilities 1
Vulnerability type Other – Code execution
CVSS v3

Score: 7.0

Vector string: 3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack type  Remote 
Impact Code execution
Attack vectors An attacker could escalate privilege and execute arbitrary code on a device.
Affected component Code42 app
Description of the vulnerability

If the device proxy settings were not locked in the Code42 console, a non-administrative attacker could change the Code42 app proxy configuration to use a malicious proxy auto-config (PAC) file. The malicious PAC file could then potentially execute arbitrary code at an elevated privilege on a device.

Acknowledgements Thank you to Bartłomiej Górkiewicz for discovering and reporting this vulnerability. 

Other Code42 resources

  • Code42: Security
  • If you want to be notified when Code42 identifies a security vulnerability, navigate to the Code42 email preferences page and check the box "Common Security and Vulnerability Reports" in the preferences form. 

    Code42-preferences-4-9-21.png

  • Was this article helpful?