Arbitrary code execution via malicious Code42 agent proxy configuration

Overview

This article provides details about a security vulnerability affecting the Code42 agent installed on user devices.  

To protect the security of our customers, we don't publish a security advisory until a vulnerability has been fully investigated and a patch or update is available that resolves the issue.

For more information about security at Code42, see our Security page. If you believe you've found a Code42 security vulnerability, see Report a security vulnerability to Code42.

If you have questions or concerns, contact our Technical Support Engineers.

Description

A vulnerability has been identified that could allow an attacker to change a device's proxy configuration to use a malicious proxy auto-config (PAC) file.

Affected product and versions

  • Legacy agent version 8.7.1 and earlier
  • Incydr Professional, Enterprise, Horizon, and Gov F2 are not affected

Resolution

This vulnerability is fixed in Code42 agent version 8.8.0 and later.

  • Code42 cloud environments were automatically upgraded to Code42 agent 8.8 in November and December 2021.
  • On-premises Code42 environments must follow these steps to lock proxy settings to resolve this vulnerability.  

CVE details

CVE ID: CVE-2021-43269
Date published: January 18, 2022
Number of vulnerabilities: 1
Vulnerability type: Other – Code execution
CVSS v3 score: 7.0
CVSS v3 vector string: 3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack type: Remote
Impact: Code execution
Attack vectors: An attacker could escalate privilege and execute arbitrary code on a device.
Affected component: Code42 agent

Description of the vulnerability: If the device proxy settings were not locked in the Code42 console, a non-administrative attacker could change the Code42 agent proxy configuration to use a malicious proxy auto-config (PAC) file. The malicious PAC file could then potentially execute arbitrary code at an elevated privilege on a device.

Acknowledgements: Thank you to Bartłomiej Górkiewicz for discovering and reporting this vulnerability.

Other Code42 resources

  • Code42: Security
  • If you want to be notified when Code42 identifies a security vulnerability, navigate to the Code42 email preferences page and check the box "Common Security and Vulnerability Reports" in the preferences form. 
