CVE-2018-9843 which allows remote code execution on the CyberArk Web Access

XXX was alerted to CVE-2018-9843, which allows remote code execution on CyberArk Web Access through its REST API. Proof-of-concept code for this vulnerability is also publicly available.

“Attackers with access to the PrivateArk Vault Web Access REST API may execute arbitrary code on the web server. No credentials are required. Attackers can gain access to the system with the privileges of the web application. Consequently, such access may be used to backdoor the web application and compromise further accounts and credentials. Additionally, attackers may pivot from the web server to attack the vault directly.”


The recommendation is to upgrade to version 9.9.9, 9.10 or 10.2. If upgrading is not possible, a workaround that mitigates the issue is to disable all access to the API at the route /PasswordVault/WebServices.
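Because the advisory states that no credentials are needed to reach the vulnerable REST API, a defender will want to know who has been hitting that route. The following is an added example, not code from the original note or from CyberArk: it parses a constructed, reduced IIS-style log and flags requests to /PasswordVault/WebServices from any client outside a hypothetical allow-list of expected integration hosts.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Route named in the advisory as the exposure point for CVE-2018-9843.
API_ROUTE = "/passwordvault/webservices"

# Hypothetical allow-list of hosts expected to call the REST API
# (e.g. an integration server). Anything else is worth reviewing.
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.5.0/24")]

# Constructed sample log in a reduced IIS W3C layout (not real traffic):
# date time cs-method cs-uri-stem c-ip sc-status
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2018-04-10 08:01:12 GET /PasswordVault/Default.aspx 10.0.5.20 200
2018-04-10 08:02:05 POST /PasswordVault/WebServices/auth/Cyberark/Logon 10.0.5.20 200
2018-04-10 08:03:44 POST /PasswordVault/WebServices/auth/Cyberark/Logon 198.51.100.7 200
2018-04-10 08:04:10 GET /passwordvault/webservices/PIMServices.svc/Accounts 203.0.113.9 500
"""


@dataclass
class Finding:
    timestamp: str
    client: str
    method: str
    path: str
    status: str


def find_api_access(log_text: str, allowed=ALLOWED_CLIENTS) -> List[Finding]:
    """Return REST API requests made by clients outside the allow-list."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#") or len(parts) != 6:
            continue  # skip header/directive lines and malformed rows
        date, time, method, path, client, status = parts
        # IIS paths are case-insensitive, so compare in lower case.
        if not path.lower().startswith(API_ROUTE):
            continue
        try:
            addr = ipaddress.ip_address(client)
        except ValueError:
            continue  # unparseable client field; leave for manual review
        if any(addr in net for net in allowed):
            continue
        findings.append(Finding(f"{date} {time}", client, method, path, status))
    return findings


if __name__ == "__main__":
    for f in find_api_access(SAMPLE_LOG):
        print(f"{f.timestamp} {f.client} {f.method} {f.path} -> {f.status}")
```

With the sample above, the two requests from 198.51.100.7 and 203.0.113.9 are reported; the request from the allow-listed 10.0.5.20 is not.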


References

http://seclists.org/fulldisclosure/2018/Apr/18

https://thehackernews.com/2018/04/enterprise-password-vault.html?m=1