Headline
CVE-2022-1410: A Red Team Perspective on the Device42 Asset Management Appliance
OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions.
Modern IT environments rely on automatic discovery, asset management, and dependency mapping.
Whether based on agents or completely agentless, these tools allow IT infrastructure managers to create a complete inventory of networked devices, servers and hypervisors, applications, and more.
While investigating the Device42 platform, we found multiple severe security issues exploitable by attackers with any level of access within the host network.
By exploiting these issues, an attacker could impersonate other users, obtain admin-level access in the application (by leaking a session with an LFI) or obtain full access to the appliance files and database (through remote code execution).
By daisy-chaining multiple vulnerabilities, an attacker can achieve remote code execution with root privileges starting from an unauthenticated session:
- Authentication bypass: an unauthenticated local file inclusion vulnerability in the Exago reports component is used to extract valid session IDs of authenticated users
- Remote code execution: an autodiscovery task (*nix/CISCO NX-OS) is created with a crafted RCE payload as the username
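A defender-side check for the second step above, as an added example that is not from the original research or from Device42: it audits exported autodiscovery job records for login names that would be unsafe if placed on a command line. The record fields, the allow-list and the sample jobs are assumptions constructed for illustration.

```python
import re
import unicodedata

# Characters a POSIX shell treats specially; none belong in a login name.
SHELL_META = set(";&|`$(){}[]<>\\'\"!*?~# ")
# Conservative allow-list for *nix / network device account names (assumption).
SAFE_USERNAME = re.compile(r"[A-Za-z_][A-Za-z0-9_.@-]{0,63}")


def username_findings(raw):
    """Return the reasons a stored login name is unsafe to place on a command line."""
    reasons = []
    # NFKC folds look-alikes such as fullwidth ';' (U+FF1B) to their ASCII form,
    # so a filter that only inspects the raw string cannot be sidestepped.
    name = unicodedata.normalize("NFKC", raw)
    if name != raw:
        reasons.append("non-canonical unicode")
    if any(unicodedata.category(ch) == "Cc" for ch in name):
        reasons.append("control character")
    meta = sorted(set(name) & SHELL_META)
    if meta:
        reasons.append("shell metacharacters: " + "".join(meta))
    if not reasons and not SAFE_USERNAME.fullmatch(name):
        reasons.append("outside allow-list")
    return reasons


def audit_jobs(jobs):
    """Map job name -> reasons for every job whose username fails the check."""
    return {j["name"]: r for j in jobs if (r := username_findings(j["username"]))}


# Constructed sample records; the field names are hypothetical, not Device42's schema.
SAMPLE_JOBS = [
    {"name": "linux-prod", "platform": "*nix", "username": "svc_discovery"},
    {"name": "nxos-core", "platform": "Cisco NX-OS", "username": "netops@corp.example"},
    {"name": "lab-scan", "platform": "*nix", "username": "admin;id"},
    {"name": "dmz-scan", "platform": "*nix", "username": "root$(id)"},
    {"name": "edge-scan", "platform": "*nix", "username": "admin\uff1bid"},
    {"name": "old-scan", "platform": "*nix", "username": "backup\nuser"},
]

if __name__ == "__main__":
    for job, reasons in audit_jobs(SAMPLE_JOBS).items():
        print(f"{job}: {', '.join(reasons)}")
```

The same allow-list can be enforced at the point where credentials are saved, so that a flagged value is rejected before it is stored.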
Besides these critical vulnerabilities, we also identified a remote code execution vulnerability in the appliance manager component.
The full research paper is available for download below:
Download the Whitepaper
Mitigation
Part of our mission to keep customers safe is to identify vulnerabilities in applications and IoT devices and then to responsibly disclose our findings to the affected vendors so they can work on fixes. Once these fixes become available, organizations already running vulnerable versions of the app should deploy them immediately. Vulnerable instances of the Device42 appliance should be updated to version 18.01.00 to prevent exploitation.
We would like to extend our thanks to the Device42 team for working with us and quickly making a fix available.
Related news
Cybersecurity researchers have disclosed multiple severe security vulnerabilities in the asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems. "By exploiting these issues, an attacker could impersonate other users, obtain admin-level access in the application (by leaking session with an LFI) or obtain full access to the
Four serious security issues on the popular appliance could be exploited by hackers with any level of access within the host network, Bitdefender researchers say.