The Singapore Cyber Security Group’s team of IT experts discovered a total of seven dangerous vulnerabilities in Riverbed’s network software, four of which turned out to be critical (CVE-2021-42786, CVE-2021-42787, CVE-2021-42853 and CVE-2021-42854).
The vulnerable software is SteelCentral AppInternals (formerly called AppInternals Xpert) for monitoring and diagnosing application performance. Customers usually use this software in data centers and on cloud servers to collect information about performance, transaction traces, etc.
In particular, the vulnerable code is located in the dynamic sampling agent, which is a component of the AppInternals collection. The problem affects software versions 10.x, versions up to 12.13.0 and versions up to 11.8.8.
The critical vulnerabilities received CVSS scores of 9.8, 9.4, 9.1 and 9.8 out of 10, respectively. Exploiting the most severe of them allows an unauthenticated remote attacker to inject and execute arbitrary code on the victim's system.
CVE-2021-42786 is a remote code execution vulnerability in the software's API caused by missing validation of URL path input. CVE-2021-42787 is an improper file name validation vulnerability that lets attackers supply sequences such as "../" as a file name; exploiting it can lead to directory traversal and unauthorized access to restricted resources. CVE-2021-42853 and CVE-2021-42854 are likewise directory traversal vulnerabilities in API endpoints.
Experts informed Riverbed about their findings, and the company released fixes for the vulnerabilities found. Users of Riverbed software are strongly advised to upgrade to the latest version.