Vulnerabilities in Eltima SDK affect popular cloud desktop and USB sharing services

2021-12-10 12:22

SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like Amazon Workspaces, NoMachine and Accops to allow users to connect and share local devices over network.

The vulnerabilities affect both the cloud services and their end users.

The 27 CVE-numbered vulnerabilities affect a number of cloud services by providers such as Amazon, Eltima, Accops, NoMachine, Amzetta, FlexiHub and Donglify, whose virtual desktop, application streaming, and "USB over Ethernet" sharing services have become increasingly popular due to the work-from-home model adopted by companies during the height of the Covid-19 pandemic.

The vulnerabilities are integer and buffer overflow vulnerabilities that could allow local attackers to execute arbitrary code in kernel mode or cause a denial of service.

"Among the obvious abuses of such vulnerabilities are that they could be used to bypass security products. An attacker with access to an organization's network may also gain access to execute code on unpatched systems and use this vulnerability to gain local elevation of privilege. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement," the researchers explained.

Eltima has released fixed versions of the SDK and its vulnerable Eltima USB Network Gate offering.

News URL

https://www.helpnetsecurity.com/2021/12/10/cloud-desktop-usb-sharing/

#cloud #desktop #SDK #USB #vulnerabilities