Singapore reveals four critical Riverbed flaws • The Register

Singapore’s Cyber ​​Security Group, an agency responsible for securing the country’s cyberspace, has discovered four critical flaws in the code of network software company Riverbed.

The vulnerable application is SteelCentral AppInternals, formerly known as AppInternals Xpert, provided by the Aternity division of Riverbed. AppInternals provides application performance monitoring and diagnostics and is part of SteelCentral. Customers usually deploy it in their data center and cloud servers to collect performance information, transaction traces, etc., so that everything can be monitored from a centralized user interface.

Specifically, the insecure code resides in the Dynamic Sampling Agent, which is the sampling component of AppInternals. The versions concerned, according to a CVE record, include 10.x, versions earlier than 12.13.0, and versions earlier than 11.8.8. of eternity advisory about security vulnerabilities is locked behind a customer login page. We asked the seller for more information.

News of the rifts appeared in a blog post by cybersecurity specialist Kang Hao Leng, who said the discovery was made in November 2021.

Along with two others, Kang found a total of seven bugs while testing Riverbed’s products, four of which were categorized as critical, all in AppInternals’ dynamic sampling agent.

The four critical vulnerabilities are listed as CVE-2021-42786, CVE-2021-42787, CVE-2021-42853and and CVE-2021-42854.

All four are rated 9.8, 9.4, 9.1, and 9.8 out of 10 respectively on the CVSS scale, the worst of which can be exploited by an unauthenticated user to inject and execute payloads of malicious code on a distant target.

For CVE-2021-42786, this software API remote code execution vulnerability is a lack of input validation of a URL path. For CVE-2021-42787, a lack of input validation of a filename allowed attackers to use characters like “../” as a name, leading to potential directory traversal, which means that criminals could gain unauthorized access to restricted resources.

CVE-2021-42853 and CVE-2021-42854 also involved directory-crossing vulnerabilities in API endpoints. The blog post describes the flaws in detail and assures us that the bugs have been fixed, and Kang said the fix was quick. Users of Riverbed software should ensure that they are current with their deployments.

“Riverbed worked with the research team on assessing, identifying and mitigating vulnerabilities as they were discovered, evaluated and validated,” said Wayne Loveless, CISO, at Riverbed. The register.

“Product Engineering and Security teams have security assessment and testing processes built into our Software Development Life Cycle (SDLC). Riverbed customer support through the Support Portal.” ®

Comments are closed.