Eltima SDK Contains Multiple Vulnerabilities Affecting Several Cloud Service Providers
2021-12-07 19:16

Cybersecurity researchers have disclosed multiple vulnerabilities in third-party driver software developed by Eltima that have been "unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities.

"These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researchers said in a report shared with The Hacker News.

Specifically, the vulnerabilities can be traced back to two drivers that are responsible for USB redirection - "Wspvuhub.sys" and "Wspusbfilter.sys" - leading to a buffer overflow scenario that could result in the execution of arbitrary code with kernel-mode privileges.

The discovery marks the fourth set of security vulnerabilities affecting software drivers that have been uncovered by SentinelOne since the start of the year.

Earlier this May, the Mountain View-based company disclosed a number of privilege escalation vulnerabilities in Dell's firmware update driver named "Dbutil_2_3.sys" that went undisclosed for more than 12 years.

In September, SentinelOne made public a high-severity flaw in the HP OMEN driver software "HpPortIox64.sys" that could allow threat actors to elevate privileges to kernel mode without requiring administrator permissions, allowing them to disable security products, overwrite system components, and even corrupt the operating system.


News URL

https://thehackernews.com/2021/12/eltima-sdk-contain-multiple.html