MNDT-2022-0027
Archer Platform 6.x before 6.11 (6.11.0.0) contains a Remote Code Execution Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. 6.10 P2 (6.10.0.2) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases.
Common Weakness Enumeration
CWE-434: Unrestricted Upload of File with Dangerous Type
Impact
Very High - An authenticated attacker who exploits this vulnerability could execute arbitrary code on the affected host, which could disclose sensitive data and give the attacker a foothold into the victim's environment.
Exploitability
High - An attacker would need to discover the vulnerable endpoints and upload malicious code to exploit this issue.
CVE Reference
CVE-2021-33615
Technical Details
It's possible to upload arbitrary files to the IconUploadHandler.ashx and GraphicUploadHandler.ashx endpoints. A threat actor can use this to upload an ASP web shell to execute arbitrary code on the underlying web server.
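As an added defender-side example (not code from this advisory or from Archer), the following Python hunts IIS W3C logs for POSTs to the two handler endpoints above that are followed by a request for a previously unseen server-executable path from the same client. The trimmed field order, the /RSAarcher/ prefix, user names, addresses and file names in the sample log are constructed assumptions.

```python
# Hunt IIS W3C logs for abuse of the two upload handlers named in this advisory:
# a POST to IconUploadHandler.ashx / GraphicUploadHandler.ashx is flagged for
# review, and a later request from the same client for a server-executable path
# (.aspx/.ashx/.asmx) never seen earlier in the log is raised as a high alert.
import re

UPLOAD_HANDLERS = ("/iconuploadhandler.ashx", "/graphicuploadhandler.ashx")
SCRIPT_EXTS = (".aspx", ".ashx", ".asmx", ".asax")

# Assumed (trimmed) field order: date time cs-method cs-uri-stem cs-username c-ip sc-status
LOG_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<method>\S+) (?P<path>\S+) "
    r"(?P<user>\S+) (?P<ip>\S+) (?P<status>\d{3})$"
)

# Constructed sample: the /RSAarcher/ prefix, users, IPs and file names are
# placeholders, not values from a real Archer deployment.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2022-05-01 10:00:01 GET /RSAarcher/Default.aspx alice 10.0.0.5 200
2022-05-01 10:00:09 POST /RSAarcher/Foundation/IconUploadHandler.ashx alice 10.0.0.5 200
2022-05-01 10:00:12 GET /RSAarcher/icons/logo.png alice 10.0.0.5 200
2022-05-01 10:05:30 POST /RSAarcher/Foundation/GraphicUploadHandler.ashx mallory 198.51.100.7 200
2022-05-01 10:05:41 GET /RSAarcher/Foundation/images/cmd.aspx mallory 198.51.100.7 200
2022-05-01 10:06:02 GET /RSAarcher/Foundation/images/cmd.aspx - 198.51.100.7 200
"""

def parse(lines):
    # Yield one dict per data line; W3C "#" directives and blank lines are skipped.
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and not line.startswith("#"):
            yield m.groupdict()

def find_suspicious(log_text, known_paths=()):
    # known_paths: baseline of legitimate script paths (e.g. from older logs) so a
    # user merely opening a new page after an upload does not trip the high alert.
    alerts = []
    seen = {p.lower() for p in known_paths}
    uploaders = {}  # c-ip -> path of that client's first upload POST
    for rec in parse(log_text.splitlines()):
        path = rec["path"].lower()
        if rec["method"] == "POST" and path.endswith(UPLOAD_HANDLERS):
            alerts.append({"level": "review", **rec})
            uploaders.setdefault(rec["ip"], rec["path"])
        elif rec["ip"] in uploaders and path.endswith(SCRIPT_EXTS) and path not in seen:
            alerts.append({"level": "high", "after_upload": uploaders[rec["ip"]], **rec})
        seen.add(path)
    return alerts
```

Every "review" hit is an upload worth confirming against the fixed release list above; a "high" hit on a host still running an affected version warrants incident response on the uploaded file.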
Discovery Credits
Mandiant, Angelo Alviar, Michael Maturi, and Troy Knutson
Disclosure Timeline
- 2021-05-27 - Issue reported to RSA Archer.
- 2022-05-26 - RSA Archer released a patch and posted a public Security Advisory.