SentinelOne Report Details 27 Vulnerabilities In Eltima SDK

A new report from SentinelOne details 27 vulnerabilities in the Eltima SDK, a USB-over-network library used by numerous cloud providers to remotely mount a local USB drive. The software and cloud platforms affected include Amazon WorkSpaces, FlexiHub and more. Exploiting these flaws would allow remote threat actors to gain elevated access on a cloud desktop to run code in kernel mode. 

Yan Michalevsky, CTO and Cofounder, Anjuna Security:

“The implication of this flaw is that remote attackers can gain privileged access on cloud instances and potentially compromise data. This is where Confidential Computing can further protect applications and data even when the infrastructure is compromised and attackers gain admin access.”

“This is just one example of what has been known for a while: Today’s computing infrastructure isn’t safe. Any host data and security protection can be compromised via USB but also through multiple other software-based avenues that lead to the holy grail: Unencrypted host memory.”

There’s no sign of widespread exploitation of the issues that SentinelOne has raised, and the vendors have been notified and have taken action to mitigate them. But you can bet the bad guys are going to start to exploit this now that the report is out there if people don’t take the mitigation steps in the report.
