SentinelOne Report Details 27 Vulnerabilities In Eltima SDK

A new report from SentinelOne details 27 vulnerabilities in the Eltima SDK, a USB-over-network library used by numerous cloud providers to remotely mount a local USB drive. The software and cloud platforms affected include Amazon WorkSpaces, FlexiHub and more. Exploiting these flaws would allow remote threat actors to gain elevated access on a cloud desktop to run code in kernel mode. 

Yan Michalevsky, CTO and Cofounder, Anjuna Security:

“The implication of this flaw is that remote attackers can gain privileged access on cloud instances and potentially compromise data. This is where Confidential Computing can further protect applications and data even when the infrastructure is compromised and attackers gain admin access.”

“This is just one example of what has been known for a while: Today’s computing infrastructure isn’t safe. Any host data and security protection can be compromised via USB but also through multiple other software-based avenues that lead to the holy grail: Unencrypted host memory.”

There’s no sign of widespread exploitation of the issues that SentinelOne has raised, and the vendors have been notified and have taken action to mitigate them. But you can bet the bad guys are going to start exploiting these flaws now that the report is out there, if people don’t take the mitigation steps in the report.
