Note that per Qualys, Policy Compliance scans will still require the sudo/root privilege in order to operate as intended for comprehensive detections.Īdditionally, Qualys has changed the way the qualys-cloud-agent conducts its vulnerability signature scans. Through several workshops with Qualys and as a part of remediation efforts, Qualys has updated their documentation to reflect modern installation options for organizations following a least privilege approach and removed a recommended deployment option of installing the agent as root by default. Vulnerability #2: Sensitive information disclosure (CVE ID: CVE-2022-29550)įor detailed information, see Appendix 1.Īt the time of discovery of vulnerability #1, Qualys recommended installing their Cloud Agent for Linux with root privileges in their Cloud Agent for Linux Installation Guide dated March 9, 2022.
#FREECIV SERVER COMMANDS CODE#
Vulnerability #1: Arbitrary code execution (CVE ID: CVE-2022-29549). Together, we went over the list of vulnerabilities, including: Then, members of the Unqork security team partnered with Qualys to help them understand the vulnerabilities and provided a video demonstration showing how the vulnerabilities of the Qualys cloud agent could be abused to execute arbitrary code, leading to privilege escalation and direct control over the endpoint. We promptly reached out to Qualys to inform them of the issues we’d discovered, as well as to the CERT Coordination Center and MITRE to initiate the vulnerability coordination process. We investigated further, ascertaining that a vulnerability existed which we confirmed through the weaponization of simple proof of concept exploits. This cloud agent, we discovered, was running the above command, as well as others that were suspicious, including an attempt to execute the Metasploit binary msfconsole. We were soon able to confirm that the problem lay with the Qualys Cloud Agent, an installable agent for endpoints that enables organizations to execute authenticated scans against their endpoints. The initial alert, which fired on all Linux systems simultaneously within a portion of our cloud estate, was the following command:Įager to find out what was looking for routersploit within our estate, and with a hunch it was a Vulnerability Management component, we started digging. While performing security control validation, countermeasure deployment, and testing, Unqork’s Product Security and Threat Detection & Response teams recently discovered multiple vulnerabilities within the Qualys Cloud Agent and promptly began working with Qualys to remediate them. Typically, this window ranges from 90 to 120 days. This process includes a reasonable approach to the coordination of the disclosure which is usually performed after a vendor has had time to address the issues. Responsible vulnerability disclosure (also known as coordinated vulnerability disclosure) is an industry accepted standard that promotes the responsible disclosure of security research and vulnerabilities to provide a vendor with reasonable time to address vulnerabilities through remediation and mitigation prior to the enacting of public disclosure. Webinars & Events Show submenu for Webinars & Events +. By Initiative Show submenu for By Initiative +. 
By Industry Show submenu for By Industry +.
Components Show submenu for Components +.
0 kommentar(er)
