Netwrix Auditor, the IT asset tracking and compliance auditing product used by more than 11,500 organizations, contains a critical insecure object deserialization vulnerability that could lead to Active Directory domain compromise.
The company behind the software claims more than 11,500 customers across about 100 countries, including Airbus, Virgin, King's College Hospital, and Credissimo, among others.
The flaw, which affects all supported versions prior to 10.5, has been described as insecure object deserialization, a class of bug that arises when untrusted, user-controllable data is deserialized by the application and can be abused to achieve remote code execution.
The root cause of the bug is an insecure .NET remoting service exposed on TCP port 9004 on the server, which allows an attacker to execute arbitrary commands on that server.
"Since the command was run with NT AUTHORITY\SYSTEM privileges, exploiting this issue would allow an attacker to completely compromise the Netwrix server," said Jordan Parkin of Bishop Fox.
Recommendation
Organizations should immediately update their Netwrix installations to the latest version, the 10.5 release. Until the update is applied, the remoting service on TCP port 9004 should not be reachable from untrusted networks.
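An added, read-only check a defender can run on a Netwrix server to confirm the two facts the article turns on: whether the installed version is below 10.5, and whether anything is listening on TCP 9004 on a non-loopback address. This is example code written for this page, not Netwrix's or Bishop Fox's; it assumes the product registers in the standard Windows Uninstall registry keys with a DisplayName beginning with "Netwrix Auditor", and that the remoting listener uses TCP 9004 as stated above.

```powershell
# Added example (not from the article, Netwrix or Bishop Fox).
# Reports installed Netwrix Auditor version and exposure of the
# .NET remoting port described in the article. Read-only; changes nothing.
# Assumptions: DisplayName starts with "Netwrix Auditor" in the Uninstall
# keys; remoting listener is TCP 9004; fixed version is 10.5.
function Test-NetwrixAuditorExposure {
    [CmdletBinding()]
    param(
        [version]$FixedVersion = [version]'10.5',
        [int]$RemotingPort = 9004
    )

    # Standard Windows locations for installed-product metadata (64- and 32-bit views).
    $uninstallPaths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $installed = Get-ItemProperty -Path $uninstallPaths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Netwrix Auditor*' } |
        Select-Object -First 1 DisplayName, DisplayVersion

    # Compare against the fixed release; $null if the version string is unparseable.
    $belowFixed = $null
    if ($installed -and $installed.DisplayVersion) {
        try { $belowFixed = [version]$installed.DisplayVersion -lt $FixedVersion } catch { }
    }

    # Listening sockets on the remoting port, ignoring loopback-only binds.
    $listeners = Get-NetTCPConnection -LocalPort $RemotingPort -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalAddress -notin @('127.0.0.1', '::1') }

    [pscustomobject]@{
        Product           = if ($installed) { $installed.DisplayName } else { 'not found' }
        InstalledVersion  = if ($installed) { $installed.DisplayVersion } else { $null }
        BelowFixedVersion = $belowFixed
        RemotingExposed   = [bool]$listeners
        ListeningOn       = ($listeners | ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" }) -join ', '
        OwningProcessId   = ($listeners | Select-Object -ExpandProperty OwningProcess -Unique) -join ', '
    }
}

Test-NetwrixAuditorExposure | Format-List
```

A result with BelowFixedVersion set to True and RemotingExposed set to True is the combination the article describes; either the update or a firewall rule restricting TCP 9004 to trusted hosts changes the picture.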