HomeUpdateMultiple Security flaws in the Eltima SDK Hinder Cloud Service Providers

Multiple Security flaws in the Eltima SDK Hinder Cloud Service Providers


Last Updated on 07/12/2021 by Riya

Researchers discovered various flaws in Eltima’s third-party driver software, which has been “unintentionally adopted” by cloud pc solutions including Amazon Workspaces, Acops, and NoMachine, and can allow adversaries to carry out a variety of destructive operations. In a post published in The Hacker News, SentinelOne researchers warned that,

“Such flaws empower cybercriminals to gain permissions to deactivate antivirus software, rewrite critical components, disrupt the os, or execute harmful tasks freely.”

Amazon Nimble Studio AMI, Amazon NICE DCV, Amazon WorkSpaces, Amazon AppStream, NoMachine, Accops HyWorks, Accops HyWorks DVM Tools, Eltima USB Network Gate, Amzetta zportal Windows zClient, Amzetta zPortal DVM Tools, FlexiHub, and Donglify have all been updated to remedy the vulnerabilities.

The issues are rooted in an Eltima product that supports “USB over Ethernet” functionalities, allowing desktop virtualization providers including Amazon WorkSpaces to route associated USB devices including webcams to their remote pcs.

The flaws can indeed be discovered in two USB redirection drivers, “wspvuhub.sys” and “wspusbfilter.sys”. According to SentinelOne researchers,

“The threat actors having exposure to an organization’s network may also be able to run code on unsecured systems and leverage this weakness to access special local right acceleration.”

“Threat actors can use additional strategies, including techniques to go deeper into a network in search of sensitive data, to switch to the larger network.”

Riya is a technology enthusiast and an avid researcher. She writes about consumer tech, hacking, and technology consumer issues at TheDigitalHacker.
- Advertisment -

Must Read

Data Science Drives Personalized Marketing and Customer Engagement to New Heights...

Personalized marketing and customer engagement are crucial for businesses to thrive in the current digital era. Because data science makes it possible for marketers...