In the world of information and communication technology, even the best industry products are not immune to vulnerabilities.
This can be seen in the recent announcement by Riverbed Technology that it has fixed four crucial vulnerabilities in its SteelCentral portal that were discovered by the Vulnerability Research Team at Digital Defense.
Riverbed Technology is an industry leader in application performance infrastructure, and its SteelCentral portal launched in April 2015 as a popular centralized software solution that enables the management of application performance in increasingly hybrid information technology environments.
According to information disclosed by Digital Defense, the four zero-day vulnerabilities could facilitate a complete compromise of the portal.
Cyber attackers could potentially exploit these vulnerabilities to gain access to vital application data and compromise other agents on the Riverbed Technology network.
As such, the Vulnerability Research Team regarded these exploits as critical.
The Vice President of research and development at the firm, Mike Cotton, confirmed that the research team had discovered several ways through which an attacker could bypass access restrictions.
This would essentially allow them to take control of appliances within the network.
According to recent reports, Digital Defense privately disclosed the vulnerabilities to Riverbed Technology in January, and the two companies worked together to produce patches.
The patches have been released and are available to users through the Riverbed Technology support portal.
Digital Defense offers Vulnerability Management as a Service (VMaaS) and is especially adept at uncovering zero-day vulnerabilities.
The Vulnerability Research Team discovered the previously unknown vulnerabilities while developing new audit modules for the firm's patented vulnerability scanning technology.
The researchers were able to exploit the security vulnerabilities present in versions 1.3.1 and 1.4.0 of the SteelCentral portal.
It is crucial to note that for any attacker to successfully exploit the four vulnerabilities, they need to be on the Riverbed network.
Of the four vulnerabilities in the portal, two are considered more critical because they allow arbitrary code execution with system privileges.
The two are remote command execution flaws and can be exploited to completely compromise the portal’s application host.
The system privileges would allow an attacker to compromise the connected data sources.
According to the Digital Defense alert, this is possible due to vulnerabilities in the UploadImageServlet function.
Users without authentication can remotely access the flawed directory and upload arbitrary file content bearing arbitrary filenames.
Consequently, an attacker can upload a JavaServer Page (JSP) shell, which is capable of running commands with system privileges, and so gain complete control of the SteelCentral portal application host.
Digital Defense further warned that a compromised host leads to the compromise of all the connected data sources through the decryption of encrypted administrator credentials.
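The checks whose absence the upload flaw above describes (authentication, server-controlled filenames, content matching an allowed image type), shown as an added example that is not Riverbed's or Digital Defense's code; the class name, storage directory and sample bytes are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.*;

// Added illustration (hypothetical class), not code from the SteelCentral portal.
public class ImageUploadValidator {
    // Allowlisted extensions mapped to the magic bytes the content must start with.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "png", new byte[]{(byte) 0x89, 'P', 'N', 'G'},
        "gif", new byte[]{'G', 'I', 'F', '8'},
        "jpg", new byte[]{(byte) 0xFF, (byte) 0xD8, (byte) 0xFF});

    /** Returns the server-chosen storage path, or throws if the upload is rejected. */
    public static Path validate(boolean authenticated, String clientName,
                                byte[] content, Path storeDir) {
        if (!authenticated) throw new SecurityException("authentication required");
        int dot = clientName.lastIndexOf('.');
        String ext = dot < 0 ? "" : clientName.substring(dot + 1).toLowerCase(Locale.ROOT);
        byte[] magic = MAGIC.get(ext);
        if (magic == null) throw new SecurityException("extension not allowed");
        if (content.length < magic.length
                || !Arrays.equals(Arrays.copyOf(content, magic.length), magic))
            throw new SecurityException("content is not a ." + ext + " image");
        // The client's filename is never reused: only the vetted extension survives,
        // so neither "../" segments nor a ".jsp" name can reach the file system.
        Path base = storeDir.normalize();
        Path target = base.resolve(UUID.randomUUID() + "." + ext).normalize();
        if (!target.startsWith(base)) throw new SecurityException("path escapes storage");
        return target;
    }

    public static void main(String[] args) {
        Path store = Paths.get("/var/lib/portal-uploads"); // assumed: outside the web root
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A}; // constructed sample
        byte[] text = "not an image".getBytes(StandardCharsets.US_ASCII);  // constructed sample
        Object[][] cases = {
            {true, "logo.png", png}, {false, "logo.png", png},
            {true, "page.jsp", text}, {true, "logo.png", text},
            {true, "../../logo.png", png}};
        for (Object[] c : cases) {
            try {
                Path p = validate((Boolean) c[0], (String) c[1], (byte[]) c[2], store);
                System.out.println(c[1] + " -> stored as " + p);
            } catch (SecurityException e) {
                System.out.println(c[1] + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Magic-byte checks alone do not stop a file that starts with a valid image header; the generated name, allowlisted extension and a storage directory the servlet container does not serve as JSP are what keep uploaded content from being executed.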
The other vulnerability that could facilitate complete host and connected application compromise involved the H2 Web Console.
Going by the advisory issued by Digital Defense, the H2 control feature is accessible remotely without authentication during development as well as in SteelCentral portal default installations.
The Vulnerability Research Team found out that this feature could be exploited to gain access to SteelCentral portal’s PostgreSQL database via default credentials.
Remote connections to the PostgreSQL database are not normally allowed; however, the H2 web console vulnerability enables a user to bypass this restriction via a localhost connection.
Following connection to the PostgreSQL database, the user is able to input the JavaServer Page file content into a newly created table and then transfer the contents of the table to the root directory of the web application.
This enables them to access a web shell without authentication and run arbitrary commands with system privileges.
This security flaw also places both the portal host and connected SteelCentral portal data sources at risk of complete compromise.
The other two vulnerabilities discovered by the research team are information disclosure flaws.
These vulnerabilities would allow users to be enumerated without authentication and crucial administrator usernames to be disclosed.
The vulnerabilities were present in the roleService Web Service and DataSourceService.
Exploitation of these flaws would enable a brute force cyber-attack on the SteelCentral portal interface.