Overview
This article provides details about a security vulnerability affecting the Code42 agent installed on user devices.
Description
A vulnerability has been identified that could allow an attacker to change a device's proxy configuration to use a malicious proxy auto-config (PAC) file.
Affected product and versions
- Legacy agent version 8.7.1 and earlier
- Incydr Professional, Enterprise, Horizon, and Gov F2 are not affected
Resolution
This vulnerability is fixed in Code42 agent version 8.8.0 and later.
- Code42 cloud environments automatically upgraded to Code42 agent 8.8 in November and December, 2021.
- On-premises Code42 environments must follow these steps to lock proxy settings to resolve this vulnerability.
CVE details
CVE ID | CVE-2021-43269 |
---|---|
Date published | January 18, 2022 |
Number of vulnerabilities | 1 |
Vulnerability type | Other – Code execution |
CVSS v3 |
Score: 7.0 Vector string: 3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Attack type | Remote |
Impact | Code execution |
Attack vectors | An attacker could escalate privilege and execute arbitrary code on a device. |
Affected component | Code42 agent |
Description of the vulnerability |
If the device proxy settings were not locked in the Code42 console, a non-administrative attacker could change the Code42 agent proxy configuration to use a malicious proxy auto-config (PAC) file. The malicious PAC file could then potentially execute arbitrary code at an elevated privilege on a device. |
Acknowledgements | Thank you to Bartłomiej Górkiewicz for discovering and reporting this vulnerability. |
Related topics
Other Code42 resources
- Code42: Security