high

LPE vulnerability in Eltima (3rd-party cloud desktop driver)

Published Tue, Dec 7th, 2021
Platforms

Summary

Several cloud desktop solutions rely on a third-party library, the Eltima SDK, to provide USB over Ethernet capabilities, which allow users to connect and share local devices such as webcams. SentinelLabs discovered vulnerabilities in Eltima drivers, including proprietary versions used by several cloud services (among them AWS WorkSpaces), that would allow unprivileged users to escalate privileges to kernel mode.

Affected Services

WorkSpaces

Remediation

AWS WorkSpaces users must update manually if they have either AutoStop WorkSpaces with maintenance disabled or AlwaysOn WorkSpaces with OS updates disabled.

Tracked CVEs

CVE-2021-42972, CVE-2021-42973, CVE-2021-42976, CVE-2021-42977, CVE-2021-42979, CVE-2021-42980, CVE-2021-42983, CVE-2021-42986, CVE-2021-42987, CVE-2021-42988, CVE-2021-42990, CVE-2021-42993, CVE-2021-42994, CVE-2021-42996, CVE-2021-43000, CVE-2021-43002, CVE-2021-43003, CVE-2021-43006, CVE-2021-43637, CVE-2021-43638, CVE-2021-42681, CVE-2021-42682, CVE-2021-42683, CVE-2021-42685, CVE-2021-42686, CVE-2021-42687, CVE-2021-42688

References

Disclosure Date
Sun, May 2nd, 2021
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Discovered by
Kasif Dekel, SentinelOne