FEBRUARY 2023 |
Access Manager privilege escalation CVE-2023-23592
SUMMARY
A vulnerability has been discovered in the WALLIX Access Manager product that may allow an attacker to access sensitive information and use it to obtain access they are not entitled to.
WALLIX recommends applying the published fixes immediately or, until they can be applied, the workaround described below.
Affected Products
All versions of WALLIX Access Manager.
Workarounds
The following knowledge base article describes the workaround procedure:
https://support.wallix.com/s/article/How-can-I-mitigate-CVE-2023-23592
Fixed Software
Hotfix versions are available on our download portal:
Exploitation and Public Announcements
WALLIX is not aware of any public announcement or malicious use of the vulnerability described in this advisory. It is nevertheless recommended to look for abnormal activity on the WALLIX Bastions connected to WALLIX Access Manager, in particular privileged-user sessions coming from an unusual source IP address, and source IP addresses shared by several user accounts.
Source
Internal security checks
DECEMBER 2021 |
Log4J remote code execution vulnerability (CVE-2021-44228)
SUMMARY
On 9 December 2021 the Alibaba Cloud Security Team published a vulnerability (CVE-2021-44228) in log4j, a widely used Java logging library. The vulnerability allows unauthenticated remote code execution on Java applications that log attacker-controlled input.
Affected Products
All versions of WALLIX Access Manager
Workarounds
The default configuration of WALLIX Access Manager prevents exploitation of this vulnerability through the login field.
However, to rule out any exploit path should the default configuration of WALLIX Access Manager be modified, the WALLIX team provides a patch that deactivates the vulnerable JNDI lookup class of the log4j library.
This patch applies to all Access Manager releases from version 2.0 onward.
The following knowledge base article provides the patch and the procedure to install it:
https://support.wallix.com/s/article/CVE-2021-44228-Mitigation-procedure
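The patch above deactivates the lookup class inside the log4j jar. The following added example is not WALLIX's patch or Apache's code: it shows the same class-removal mitigation documented by Apache for log4j 2.x, as a small tool that detects JndiLookup.class in a log4j-core jar and rewrites the jar without it. The fake jar it builds is constructed for the demo and stands in for a real log4j-core-2.x.jar.

```python
"""
Added example, not WALLIX's patch or Apache's code: inspect a log4j-core jar for
the JNDI lookup class and produce a copy of the jar without it, which is the
class-removal mitigation documented by Apache for CVE-2021-44228 on log4j 2.x.
The fake jar built below is constructed for the demo and stands in for a real
log4j-core-2.x.jar.
"""
import os
import shutil
import tempfile
import zipfile

# Path of the class that performs JNDI lookups inside log4j-core 2.x jars.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"


def has_jndi_lookup(jar_path):
    """True when the jar still ships JndiLookup.class, i.e. is unmitigated."""
    with zipfile.ZipFile(jar_path) as z:
        return JNDI_LOOKUP in z.namelist()


def strip_jndi_lookup(jar_path):
    """Rewrite jar_path without JndiLookup.class. Zip archives cannot be edited
    in place, so every other entry is copied to a temp file next to the jar,
    which then replaces the original. Returns True if the class was removed."""
    if not has_jndi_lookup(jar_path):
        return False
    jar_dir = os.path.dirname(os.path.abspath(jar_path))
    fd, tmp_path = tempfile.mkstemp(suffix=".jar", dir=jar_dir)
    os.close(fd)
    with zipfile.ZipFile(jar_path) as src, zipfile.ZipFile(tmp_path, "w") as dst:
        for info in src.infolist():
            if info.filename == JNDI_LOOKUP:
                continue
            dst.writestr(info, src.read(info.filename))
    shutil.move(tmp_path, jar_path)
    return True


def make_fake_jar(path):
    """Constructed stand-in for log4j-core: a manifest, the JNDI lookup class and
    one unrelated class (the bytes are placeholders, not real class files)."""
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")
        z.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")


def demo():
    """Build the fake jar, check it, strip it, check again. Returns the
    observations as a dict so the sequence can be asserted on."""
    workdir = tempfile.mkdtemp()
    jar = os.path.join(workdir, "log4j-core-2.14.1.jar")  # illustrative file name
    try:
        make_fake_jar(jar)
        before = has_jndi_lookup(jar)
        removed = strip_jndi_lookup(jar)
        after = has_jndi_lookup(jar)
        removed_again = strip_jndi_lookup(jar)
        with zipfile.ZipFile(jar) as z:
            remaining = sorted(z.namelist())
    finally:
        shutil.rmtree(workdir)
    return {"before": before, "removed": removed, "after": after,
            "removed_again": removed_again, "remaining": remaining}


if __name__ == "__main__":
    print(demo())
```

Class removal has to be applied to every copy of log4j-core on the system, including jars nested inside WAR or EAR archives, and it is a stopgap: the real fix remains the library update announced below.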
Fixed Software
The Log4J library will be updated in Access Manager version 3.0.11, planned for release by the end of December 2021.
Exploitation and Public Announcements
WALLIX is not aware of any public announcement or malicious use of the vulnerability described in this advisory. It is nevertheless recommended to look for abnormal activity on the WALLIX Bastions connected to WALLIX Access Manager, in particular the creation of new users or authorizations since the publication of the CVE.
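Both this advisory and the CVE-2023-23592 advisory above ask operators to review Bastion activity for specific indicators. The following added example is not WALLIX's code and does not use WALLIX's log format: it implements the two checks over constructed audit lines, flagging a source IP shared by several privileged accounts (the CVE-2023-23592 indicator) and listing user and authorization creations on or after the CVE publication date (the indicator above). The "key=value" line format, the event and role names, and the sample lines are all assumptions for the demo.

```python
"""
Added example, not WALLIX's code or log format: the two checks the advisories
for CVE-2023-23592 and CVE-2021-44228 recommend on Bastions connected to
Access Manager, run over constructed audit lines. Check 1 flags a source IP
shared by several privileged accounts; check 2 lists user and authorization
creations on or after the CVE publication date. The line format, the event
and role names, and the sample lines are all assumptions for the demo.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample audit lines (not real WALLIX output).
SAMPLE_LOG = """\
2021-12-08T09:12:01Z event=login user=alice ip=10.0.0.5 role=admin
2021-12-10T22:14:33Z event=login user=alice ip=203.0.113.77 role=admin
2021-12-10T22:15:02Z event=login user=bob ip=203.0.113.77 role=admin
2021-12-10T22:16:45Z event=create_user actor=bob target=svc_backup ip=203.0.113.77
2021-12-10T22:17:10Z event=create_authorization actor=bob target=svc_backup ip=203.0.113.77
2021-12-11T08:00:00Z event=login user=carol ip=192.0.2.10 role=auditor
2021-12-11T08:30:00Z event=login user=dave ip=192.0.2.10 role=auditor
garbage line that should be skipped
"""

# Publication date of CVE-2021-44228, the advisory's "since the publication" cut-off.
CVE_2021_44228_PUBLISHED = datetime(2021, 12, 9, tzinfo=timezone.utc)


def parse_line(line):
    """Parse 'TIMESTAMP k=v k=v ...' into a dict with a tz-aware 'ts';
    returns None for malformed lines so one bad record does not abort the scan."""
    parts = line.strip().split()
    if len(parts) < 2 or not all("=" in p for p in parts[1:]):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[1:])
    fields["ts"] = ts
    return fields


def parse_log(text):
    return [ev for ev in map(parse_line, text.splitlines()) if ev is not None]


def shared_privileged_ips(events, privileged_roles=("admin",)):
    """Check 1: {ip: sorted users} for every source IP from which more than one
    privileged account logged in. Non-privileged roles are ignored, so a NAT
    shared by auditors does not fire."""
    users_by_ip = defaultdict(set)
    for ev in events:
        if ev.get("event") == "login" and ev.get("role") in privileged_roles:
            users_by_ip[ev["ip"]].add(ev["user"])
    return {ip: sorted(users) for ip, users in users_by_ip.items() if len(users) > 1}


def creations_since(events, since):
    """Check 2: (timestamp, event, actor, target, ip) for each user or
    authorization created at or after `since`, oldest first."""
    wanted = {"create_user", "create_authorization"}
    hits = [ev for ev in events if ev.get("event") in wanted and ev["ts"] >= since]
    hits.sort(key=lambda ev: ev["ts"])
    return [(ev["ts"].isoformat(), ev["event"], ev["actor"], ev["target"], ev["ip"])
            for ev in hits]


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("shared privileged IPs:", shared_privileged_ips(events))
    for row in creations_since(events, CVE_2021_44228_PUBLISHED):
        print("creation:", row)
```

The first check only surfaces the "shared by several accounts" signal; whether the address is also unusual for those users still needs a comparison against each account's normal source addresses, which the sample above is too short to provide.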
Source
Alibaba Cloud Security Team, who published the log4j vulnerability (CVE-2021-44228) on 9 December 2021.
JANUARY 2021 |
Sudo Privilege Escalation affecting WALLIX Products – CVE-2021-3156
SUMMARY
The Qualys Research Team has discovered a heap overflow vulnerability in sudo (CVE-2021-3156). Any local unprivileged user can exploit it to gain root privileges on a vulnerable host, even with the default sudo configuration.
The vulnerability can only be exploited locally. This means that either:
- the user is connected to the WALLIX Bastion through the wabadmin account on the administration interface, in which case they can exploit sudo to become root and bypass all WALLIX Bastion security controls; or
- a Remote Code Execution (RCE) vulnerability exists in another WALLIX or third-party component and provides a local shell, after which the attacker can exploit sudo to become root. To WALLIX's knowledge, an up-to-date Bastion has no such vulnerability.
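Since there is no workaround, the practical question on a Bastion is whether its sudo binary is one of the affected builds. The following added example is not a WALLIX tool: it triages a sudo version string against the affected ranges stated in the Qualys advisory the page cites (legacy 1.8.2 through 1.8.31p2, stable 1.9.0 through 1.9.5p1) and classifies the output of Qualys' "sudoedit -s /" behavioural probe. The version strings and probe outputs it checks are constructed for the demo.

```python
"""
Added example, not a WALLIX tool: triage a host's sudo against CVE-2021-3156
using the affected ranges from the Qualys advisory (legacy 1.8.2 through
1.8.31p2, stable 1.9.0 through 1.9.5p1), plus a classifier for Qualys'
"sudoedit -s /" probe. Version strings and probe outputs used in the demo
are constructed.
"""
import re
import subprocess

# sudo versions look like 1.8.31p2 or 1.9.5; "p" introduces the patch level.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?$")


def parse_sudo_version(text):
    """'1.8.31p2' -> (1, 8, 31, 2). Missing micro/patch parts count as 0 so
    tuples compare correctly."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised sudo version: {text!r}")
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro or 0), int(patch or 0))


# Inclusive ranges from the Qualys advisory (upstream version numbers).
AFFECTED_RANGES = (
    (parse_sudo_version("1.8.2"), parse_sudo_version("1.8.31p2")),
    (parse_sudo_version("1.9.0"), parse_sudo_version("1.9.5p1")),
)


def is_affected_version(text):
    """True when the upstream version number falls in an affected range.
    Caveat: distributions backport fixes without bumping this number, so True
    means 'check further', not 'confirmed vulnerable'."""
    v = parse_sudo_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def version_from_output(output):
    """Pull the version out of `sudo --version`, whose first line reads
    'Sudo version 1.9.5p2'."""
    m = re.search(r"Sudo version (\S+)", output)
    if not m:
        raise ValueError("no 'Sudo version' line in output")
    return m.group(1)


def classify_sudoedit_probe(stderr):
    """Qualys' behavioural check: as an unprivileged user run `sudoedit -s /`.
    A vulnerable sudo reaches the buggy code path and reports an error starting
    with 'sudoedit:'; a patched sudo rejects -s for sudoedit and prints its
    usage text, which starts with 'usage:'."""
    stripped = stderr.strip()
    first = stripped.splitlines()[0] if stripped else ""
    if first.startswith("sudoedit:"):
        return "vulnerable"
    if first.startswith("usage:"):
        return "patched"
    return "unknown"


def local_sudo_version():
    """Version string of the host's sudo, or None when sudo is not installed."""
    try:
        out = subprocess.run(["sudo", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return None
    return version_from_output(out)


if __name__ == "__main__":
    ver = local_sudo_version()
    if ver is None:
        print("sudo not installed")
    else:
        verdict = "in affected range" if is_affected_version(ver) else "outside affected range"
        print(ver, verdict)
```

On a Bastion the probe would be run from the wabadmin shell, which is exactly the local unprivileged position the first bullet above describes; the version check alone is not conclusive on distributions that backport the fix under the old version number.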
Affected Products
- All versions up to and including WALLIX Bastion 8.0.6
- Versions 8.1 and 8.2
Workarounds
There is no workaround for this vulnerability.
Fixed Software
This vulnerability is fixed in WALLIX Bastion 8.0.7 and later, and in 7.0.14 and later.
- A fix patch is available for version 8.0.6 and earlier (it also applies to versions 8.1 and 8.2)
- A fix patch is available for version 7.0.13 and earlier
These are available on our download site: WALLIX Support: Patches
Exploitation and Public Announcements
WALLIX is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source
On January 26, 2021, Qualys publicly disclosed this vulnerability in a security bulletin: https://blog.qualys.com
OCTOBER 2018 |
libssh Authentication Bypass Vulnerability Affecting WALLIX Products – CVE-2018-10933
SUMMARY
A vulnerability in libssh could allow an unauthenticated, remote attacker to bypass authentication on a targeted system.
The vulnerability is due to improper authentication handling in the server-side state machine of the affected software. An attacker could exploit this vulnerability by presenting an SSH2_MSG_USERAUTH_SUCCESS message to a targeted system. A successful exploit could allow the attacker to bypass
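To make the state-machine flaw concrete, the following added example is not libssh's code: it is a minimal model of an SSH server's userauth phase in a vulnerable form, where the dispatcher acts on the message number alone and therefore honours a USERAUTH_SUCCESS sent by the client, and in a fixed form that only accepts client-to-server message types and keeps the session unauthenticated otherwise. Message numbers are from RFC 4252; the credential store and the exchanges are constructed for the demo.

```python
"""
Added example, not libssh's code: a minimal model of an SSH server's userauth
state machine in vulnerable and fixed forms, showing why a client-sent
SSH2_MSG_USERAUTH_SUCCESS bypassed authentication. Message numbers are from
RFC 4252; the credential store and exchanges are constructed for the demo.
"""

# RFC 4252 message numbers for the userauth phase.
SSH2_MSG_USERAUTH_REQUEST = 50   # client -> server
SSH2_MSG_USERAUTH_FAILURE = 51   # server -> client
SSH2_MSG_USERAUTH_SUCCESS = 52   # server -> client


class ProtocolError(Exception):
    pass


class VulnerableServerAuth:
    """Dispatches on the message number alone. A USERAUTH_SUCCESS received from
    the peer takes the same path as the one the server would emit after a
    successful check, so the session becomes authenticated with no credential
    ever verified: the class of bug the advisory describes."""

    def __init__(self, verify):
        self.verify = verify            # verify(user, method, credential) -> bool
        self.authenticated = False

    def handle(self, msg_type, payload=None):
        if msg_type == SSH2_MSG_USERAUTH_REQUEST:
            user, method, credential = payload
            if self.verify(user, method, credential):
                self.authenticated = True
                return SSH2_MSG_USERAUTH_SUCCESS
            return SSH2_MSG_USERAUTH_FAILURE
        if msg_type == SSH2_MSG_USERAUTH_SUCCESS:
            # Bug: a server-to-client message is trusted when it arrives from the client.
            self.authenticated = True
            return None
        return None


class FixedServerAuth:
    """Accepts only the message types a client may send during userauth; any
    server-to-client type arriving from the peer is a protocol violation and
    the session stays unauthenticated."""

    CLIENT_MESSAGES = {SSH2_MSG_USERAUTH_REQUEST}

    def __init__(self, verify):
        self.verify = verify
        self.authenticated = False

    def handle(self, msg_type, payload=None):
        if msg_type not in self.CLIENT_MESSAGES:
            raise ProtocolError(f"unexpected message type {msg_type} from client")
        user, method, credential = payload
        if self.verify(user, method, credential):
            self.authenticated = True
            return SSH2_MSG_USERAUTH_SUCCESS
        return SSH2_MSG_USERAUTH_FAILURE


# Constructed credential store: one user with one accepted public-key blob.
ACCEPTED = {("alice", "publickey", b"demo-key-alice")}


def verify(user, method, credential):
    return (user, method, credential) in ACCEPTED


def bypass_attempt(server_cls):
    """The exchange in the advisory: the client sends no USERAUTH_REQUEST at all,
    only a USERAUTH_SUCCESS. Returns whether the server ended up authenticated."""
    server = server_cls(verify)
    try:
        server.handle(SSH2_MSG_USERAUTH_SUCCESS)
    except ProtocolError:
        pass                            # fixed server drops the session here
    return server.authenticated


def legitimate_login(server_cls, user, key):
    """Normal exchange: a USERAUTH_REQUEST carrying a public-key credential."""
    server = server_cls(verify)
    reply = server.handle(SSH2_MSG_USERAUTH_REQUEST, (user, "publickey", key))
    return server.authenticated, reply


if __name__ == "__main__":
    for cls in (VulnerableServerAuth, FixedServerAuth):
        print(cls.__name__, "bypass succeeds:", bypass_attempt(cls))
```

The point of the fixed class is not the specific check but the principle: a server must dispatch on message direction and on its current authentication state, never on the message number alone.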
Affected Products
All versions of WALLIX Bastion are affected.
Workarounds
As this only affects configurations using SSH public key authentication on primary accounts, a workaround is to remove the public keys and use another authentication method (password, X509, etc.).
Fixed Software
This vulnerability is fixed in the latest supported versions of our software that are available on our download site.
Exploitation and Public Announcements
WALLIX is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
Source
On October 16, 2018, libssh.org publicly disclosed this vulnerability in a security bulletin at the following link: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/