Researchers have discovered a security flaw in Netwrix Auditor that could be exploited to execute arbitrary code on a vulnerable device.
Because this service typically runs with elevated privileges in an Active Directory environment, an attacker who exploits the flaw would likely be able to compromise Active Directory.
Auditor is an auditing and visibility platform that provides a view of all IT environments, including Active Directory, Exchange, file servers, SharePoint, VMware and other systems, from a single console.
Over 11,500 customers across 100 countries, including Airbus, Virgin, King's College Hospital, and Credissimo use the software developed by Netwrix.
All supported versions prior to 10.5 parse untrusted, user-controllable data in a way that allows remote code execution. The flaw has been described as an insecure object deserialization.
An actor can run arbitrary commands on the Netwrix server through an unsecured .NET remoting service accessible on TCP port 9004.
Attackers could take full control of the Netwrix server by exploiting this flaw, according to Jordan Parkin, a security researcher at Bishop Fox.
Auditor 10.5 was released on June 6 and is recommended for use by organizations that rely on the software.
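For defenders triaging their own deployments, the sketch below combines the two facts given above (versions prior to 10.5 are affected; the remoting service listens on TCP port 9004) into a prioritized list. It is an added example, not code from Netwrix or Bishop Fox; the host names and version strings are constructed, and it assumes versions are dotted numeric strings.

```python
import socket

FIXED_VERSION = (10, 5)   # from the article: versions prior to 10.5 are affected
REMOTING_PORT = 9004      # from the article: .NET remoting service port
RANK = {"affected-reachable": 0, "affected": 1, "patched": 2}


def parse_version(text):
    """Turn '10.0.1234' into (10, 0, 1234). Assumes dotted numeric strings."""
    return tuple(int(part) for part in text.strip().split("."))


def is_affected(version_text):
    """True for any version that sorts before 10.5."""
    return parse_version(version_text) < FIXED_VERSION


def port_reachable(host, port=REMOTING_PORT, timeout=2.0):
    """True if a TCP connection to host:port succeeds from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name not resolved
        return False


def triage(inventory, probe=port_reachable):
    """inventory: iterable of (host, version). Returns (host, status), worst first.

    Only affected hosts are probed; 'probe' is injectable so results can be fed
    from an existing scan instead of live connections.
    """
    results = []
    for host, version in inventory:
        if not is_affected(version):
            status = "patched"
        elif probe(host):
            status = "affected-reachable"
        else:
            status = "affected"
        results.append((host, status))
    return sorted(results, key=lambda item: RANK[item[1]])


if __name__ == "__main__":
    # Constructed inventory: replace with your own asset list.
    sample = [("auditor01.example.internal", "10.0.9500"),
              ("auditor02.example.internal", "10.5")]
    for host, status in triage(sample):
        print(f"{status:20} {host}")
```

Run it from the network segments that should not be able to reach the Auditor server; an "affected-reachable" result there means both the upgrade and the filtering on port 9004 are outstanding.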