Riverbed’s performance monitoring spinoff Aternity has published seven security advisories describing now-patched vulnerabilities in its AppInternals monitoring agent software.
The most serious of the bugs gave attackers remote code execution with system-level privilege.
Researchers from the Singaporean Government’s Cyber Security Group analysed the Riverbed SteelCentral AppInternals Agent, finding six vulnerabilities in the Dynamic Sampling Agent and one in the AppInternals Agent’s /DsaDataTest endpoint.
The agent software is deployed on data centre machines to gather performance data that’s then returned using HTTP over Port 2111, so the operator can get a uniform view of system performance.
It’s designed to monitor modern cloud environments based on - or using elements of - Docker, Kubernetes, Pivotal, Red Hat OpenShift, OpenStack, Amazon Web Services, Google Cloud Platform, and Azure.
Riverbed has shipped AppInternals Agent versions 11.8.8 and 12.14.0, which include patches for the bugs.
Four of the bugs are rated critical.
For each of the critical bugs – CVE-2021-42786, CVE-2021-42787, CVE-2021-42853, and CVE-2021-42854, as well as the medium-severity CVE-2021-42857 – the researchers discovered that a lack of input validation allowed an attacker to inject malicious code.
CVE-2021-42855 is a local privilege escalation bug, and CVE-2021-42856 allows a reflected cross-site scripting attack.
For the technically-minded, one of the researchers, Kang Hao Leng, detailed the researchers' bug-hunting process here.