Aternity's Response to Remote Execution Vulnerabilities for AppInternals Agent

Solution Number: S36247
Last Modified: 2022-08-26
Description
Several CVEs were recently found in the AppInternals Agent that could potentially be used for Remote Code Execution and other attacks on the server where the agent is installed. Each of the identified issues has a page where full details of the vulnerability can be found.

CVE             KB Article
CVE-2021-42786  Remote Code Execution at AgentControllerServlet
CVE-2021-42787  Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet
CVE-2021-42853  Directory Traversal Delete/Read at AgentDiagnosticServlet
CVE-2021-42854  Directory Traversal Read/Write/Delete at PluginServlet
CVE-2021-42855  Local Privilege Escalation due to Misconfigured Write Permission on .debug_command.config file
CVE-2021-42856  Reflected Cross-site Scripting at DsaDataTest
CVE-2021-42857  Directory Traversal Partial Write at AgentDsaServlet

Solution
All listed vulnerabilities have been fixed in AppInternals Agent GA versions 11.8.8 and 12.14.0 and later. These versions are available for download on the Aternity Support portal.

If it is not immediately possible to upgrade the system, then a temporary mitigation would be to ensure that the affected server has a firewall that prohibits external access to port 2111. This port is only used locally by the agent, so restricting it to local access will prevent network exploitation of these vulnerabilities.
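
One way to check which hosts depend on that firewall rule, as an added example that is not Aternity's own tooling: the function below reads the output of `ss -H -ltn` on a Linux host and lists every listener on port 2111 that is not bound to loopback only. The function name and the sample lines are assumptions constructed for illustration; a listener it reports is reachable from the network unless a firewall blocks it.

```python
import ipaddress
import subprocess

AGENT_PORT = 2111  # port named in the advisory's mitigation


def exposed_listeners(ss_output, port=AGENT_PORT):
    """Return local addresses listening on `port` that are not loopback-only.

    `ss_output` is the text of `ss -H -ltn` (one listening TCP socket per line).
    """
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port_text = fields[3].rpartition(":")
        if port_text != str(port):
            continue
        # Drop a %iface scope suffix, then IPv6 brackets.
        host = host.split("%")[0].strip("[]")
        if host == "*":
            exposed.append(fields[3])  # wildcard: every interface
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            exposed.append(fields[3])  # unparseable: treat as exposed
            continue
        if not addr.is_loopback:
            exposed.append(fields[3])  # includes 0.0.0.0 and ::
    return exposed


# Constructed sample of `ss -H -ltn` output, not captured from a real host.
SAMPLE = """\
LISTEN 0 128 127.0.0.1:2111 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2111 0.0.0.0:*
LISTEN 0 128 [::1]:2111 [::]:*
LISTEN 0 128 [::]:2111 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 10.0.0.5:21110 0.0.0.0:*
"""

if __name__ == "__main__":
    live = subprocess.run(["ss", "-H", "-ltn"], capture_output=True, text=True).stdout
    for local in exposed_listeners(live):
        print(f"port {AGENT_PORT} listens on {local}: firewall rule required")
```

An empty result means the port is bound to loopback only on that host; it does not replace upgrading to a fixed agent version.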

 
Environment
AppInternals Agent versions < 11.8.8, 12.x < 12.13, 10.x