Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been “unwittingly inherited” by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities.
“These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded,” SentinelOne Senior Security Researcher, Kasif Dekel, said in a report shared with The Hacker News.
The 27 flaws have since been addressed in Amazon Nimble Studio AMI, Amazon NICE DCV, Amazon WorkSpaces, Amazon AppStream, NoMachine, Accops HyWorks, Accops HyWorks DVM Tools, Eltima USB Network Gate, Amzetta zPortal Windows zClient, Amzetta zPortal DVM Tools, FlexiHub, and Donglify.
At its core, the issues reside in a product developed by Eltima that offers “USB over Ethernet” capabilities, and enables desktop virtualization services like Amazon WorkSpaces to redirect connected USB devices such as webcams to their remote desktop.
Specifically, the vulnerabilities can be traced back to two drivers that are responsible for USB redirection — “wspvuhub.sys” and “wspusbfilter.sys” — leading to a buffer overflow scenario that could result in the execution of arbitrary code with kernel-mode privileges.
images from Hacker News