CVE-2021-42855 – Local privilege escalation due to misconfigured write permission on .debug_command.config file
https://notcve.org/view.php?id=CVE-2021-42855
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debug_command.config" file to store a JSON string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map the corresponding ID to a command to be executed.
https://aternity.force.com/customersuccess/s/article/Local-privilege-escalation-due-to-misconfigured-write-permission-on-debug-command-config-file-CVE-2021-42855
CWE-284: Improper Access Control
CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2021-42786 – Remote Code Execution at AgentControllerServlet
https://notcve.org/view.php?id=CVE-2021-42786
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) has Remote Code Execution vulnerabilities in multiple instances of the API requests. The affected endpoints do not validate user input, which allows a malicious payload to be injected.
https://aternity.force.com/customersuccess/s/article/Remote-Code-Execution-at-AgentControllerServlet-CVE-2021-42786
CWE-20: Improper Input Validation
CVE-2021-42853 – Directory Traversal Delete/Read at AgentDiagnosticServlet
https://notcve.org/view.php?id=CVE-2021-42853
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDiagnosticServlet has a directory traversal vulnerability at the "/api/appInternals/1.0/agent/diagnostic/logs" API. The affected endpoint does not validate user input, which allows a malicious payload to be injected.
https://aternity.force.com/customersuccess/s/article/Directory-Traversal-Delete-Read-at-AgentDiagnosticServlet-CVE-2021-42853
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-15592
https://notcve.org/view.php?id=CVE-2020-15592
SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privilege Escalation via a crafted file. It uses an executable running as a high-privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. The remotely callable methods from remotable objects available through interprocess communication allow loading of arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins" directory, where the name of the plugin is passed as part of an XML-serialized object. However, because the name of the DLL is concatenated with the “.
https://aternity.force.com/customersuccess/s/article/Recorder-tool-security-notification-mitigation-steps-for-On-Prem
https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-15593
https://notcve.org/view.php?id=CVE-2020-15593
SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high-privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins" directory and execute code contained in them.
https://aternity.force.com/customersuccess/s/article/Recorder-tool-security-notification-mitigation-steps-for-On-Prem
https://sec-consult.com/en/blog/advisories/privilege-escalation-vulnerability-in-steelcentral-aternity-agent-cve-2020-15592-cve-2020-15593