SentinelOne researchers reported that numerous cloud service providers have been affected by 27 security flaws in Eltima driver software, which could enable the execution of malicious activities, according to The Hacker News.
“These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded,” said researcher Kasif Dekel.
Various providers, including Amazon Nimble Studio AMI, Amazon WorkSpaces, Amazon NICE DCV, Amazon AppStream, Accops HyWorks, Accops HyWorks DVM Tools, NoMachine, Amzetta zPortal Windows zClient, Amzetta zPortal DVM Tools, Eltima USB Network Gate, Donglify, and FlexiHub, have already addressed the bugs, which were found in an Eltima product providing “USB over Ethernet” capabilities.
“An attacker with access to an organization’s network may also gain access to execute code on unpatched systems and use this vulnerability to gain local elevation of privilege. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement,” said SentinelOne, which also noted that there has been no evidence that the vulnerabilities have been exploited.