DECEMBER 2021

Log4J remote code execution vulnerability (CVE-2021-44228)

SUMMARY

On 9 December 2021, the Alibaba Cloud Security Team published a vulnerability (CVE-2021-44228) in log4j, a common Java logging library. This vulnerability allows unauthenticated remote code execution on Java applications.

Affected Products

All versions of WALLIX Access Manager

Workarounds

The default configuration of WALLIX Access Manager prevents exploitation of this vulnerability through the login field.

However, to rule out any possibility of exploitation should the default configuration of WALLIX Access Manager be modified, the WALLIX team provides a patch that deactivates the faulty class of the log4j library.

This patch applies to all releases of Access Manager from version 2.0 onward.

The following article in our knowledge base provides access to the patch as well as the procedure to install it.

https://support.wallix.com/s/article/CVE-2021-44228-Mitigation-procedure

Fixed Software

An update of the Log4J version is planned alongside the Access Manager version 3.0.11.

This version is planned to be released by the end of December 2021.

Exploitation and Public Announcements

WALLIX is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. However, it is recommended to look for any abnormal activity on the WALLIX Bastions that are connected to WALLIX Access Manager. In particular, it is recommended to look for the creation of new users or authorizations, especially since the publication of the CVE.

Source

On 9 December 2021, the Alibaba Cloud Security Team published a vulnerability (CVE-2021-44228) in log4j, a common Java logging library.

JANUARY 2021

Sudo Privilege Escalation affecting WALLIX Products – CVE-2021-3156

SUMMARY

The Qualys Research Team has discovered a heap overflow vulnerability in sudo (CVE-2021-3156). By exploiting it, any local unprivileged user can gain root privileges on a vulnerable host using the default sudo configuration.

sudo can only be exploited locally. This means that either:

  • The user is connected to the WALLIX Bastion, through the wabadmin account, on the administration interface. This user can then exploit sudo to become root and bypass all security controls of the WALLIX Bastion.
  • A Remote Code Execution (RCE) vulnerability exists in another piece of WALLIX or third-party software that provides a local shell. After successfully exploiting that vulnerability, the attacker is able to exploit sudo to become root. To WALLIX's knowledge, an up-to-date Bastion has no such vulnerability.

Affected Products

  • All versions prior to WALLIX Bastion 8.0.6 (included)
  • All versions 8.1 and 8.2

Workarounds

There is no workaround for this vulnerability.

Fixed Software

This vulnerability is fixed in WALLIX Bastion 8.0.7 and later, and in 7.0.14 and later.

  • A fix patch is available for version 8.0.6 and earlier (it also applies to versions 8.1 and 8.2)
  • A fix patch is available for version 7.0.13 and earlier

These elements are available on our download site: WALLIX Support: Patches

Exploitation and Public Announcements

WALLIX is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

On January 26, 2021, Qualys publicly disclosed this vulnerability in a security bulletin at the following link: https://blog.qualys.com

OCTOBER 2018

libssh Authentication Bypass Vulnerability Affecting WALLIX Products

SUMMARY

• A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.

The vulnerability is due to improper authentication operations by the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting an SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass
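The state-machine flaw described above, modelled as an added example that is not code from libssh or from WALLIX: a toy server-side SSH session accepts client messages by type, and the only difference between the flawed and the hardened variant is whether the server checks that a message is one a client may legitimately send in the current state. Message numbers are the real ones from RFC 4252/4254; the session class, the `check_direction` switch, the user store and the helper are assumptions constructed for illustration.

```python
# SSH message numbers (RFC 4252 / RFC 4254) used by this model.
SSH_MSG_DISCONNECT = 1
SSH_MSG_USERAUTH_REQUEST = 50
SSH_MSG_USERAUTH_FAILURE = 51
SSH_MSG_USERAUTH_SUCCESS = 52
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_OPEN_CONFIRMATION = 91

# Messages a server may accept from a client before authentication completes.
# USERAUTH_SUCCESS is server-to-client only, so it is deliberately absent.
CLIENT_AUTH_MESSAGES = {SSH_MSG_USERAUTH_REQUEST}


class ServerSession:
    def __init__(self, users, check_direction=True):
        self.users = users                      # constructed sample store: user -> secret
        self.check_direction = check_direction  # False models the flawed shared dispatch table
        self.state = "authenticating"           # -> "authenticated" | "disconnected"

    def receive(self, msg_type, payload=None):
        """Process one client message and return the server's reply type (or None)."""
        if self.state == "disconnected":
            return None
        if (self.check_direction and self.state == "authenticating"
                and msg_type not in CLIENT_AUTH_MESSAGES):
            # Hardened: while authenticating, any message outside the client-to-server
            # set for this state (USERAUTH_SUCCESS included) is a protocol violation.
            self.state = "disconnected"
            return SSH_MSG_DISCONNECT
        if msg_type == SSH_MSG_USERAUTH_REQUEST:
            user, secret = payload
            if self.users.get(user) != secret:
                return SSH_MSG_USERAUTH_FAILURE
            self.state = "authenticated"
            return SSH_MSG_USERAUTH_SUCCESS
        if msg_type == SSH_MSG_USERAUTH_SUCCESS:
            # Flaw: the client-side handler is reachable on the server, so a client-sent
            # USERAUTH_SUCCESS marks the session authenticated without any credentials.
            self.state = "authenticated"
            return None
        if msg_type == SSH_MSG_CHANNEL_OPEN:
            if self.state != "authenticated":
                self.state = "disconnected"
                return SSH_MSG_DISCONNECT
            return SSH_MSG_CHANNEL_OPEN_CONFIRMATION


def forged_success_then_channel(check_direction):
    """Client skips USERAUTH_REQUEST, sends USERAUTH_SUCCESS, then opens a channel."""
    s = ServerSession({"alice": "s3cret"}, check_direction=check_direction)
    s.receive(SSH_MSG_USERAUTH_SUCCESS)
    return s.state, s.receive(SSH_MSG_CHANNEL_OPEN, "session")
```

With the direction check disabled the forged message yields an authenticated session and a confirmed channel; with it enabled the server disconnects at the first out-of-state message and the channel request is never processed.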

Affected Products

All versions of WALLIX Bastion are affected.

Workarounds

As this only affects configurations with SSH public key authentication on primary accounts, a workaround is to remove the public keys and use another authentication method (password, X509, etc.).

Fixed Software

This vulnerability is fixed in the latest supported versions of our software that are available on our download site.

Exploitation and Public Announcements

• WALLIX is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

• On October 16, 2018, libssh.org publicly disclosed this vulnerability in a security bulletin at the following link: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/