high

LPE vulnerability in Eltima (3rd-party cloud desktop driver)

Published Tue, Dec 7th, 2021

Platforms

aws

Summary

Several cloud desktop solutions rely on a 3rd-party library called Eltima SDK to provide USB over Ethernet capabilities, which let users connect and share local devices such as webcams. SentinelLabs discovered vulnerabilities in Eltima drivers, including proprietary versions used by several cloud services (among them AWS WorkSpaces), that would allow unprivileged users to escalate privileges to kernel mode.

Affected Services

WorkSpaces

Remediation

AWS WorkSpaces users must manually update if they have either AutoStop WorkSpaces with maintenance disabled or AlwaysOn WorkSpaces with OS updates disabled.

Tracked CVEs

CVE-2021-42972, CVE-2021-42973, CVE-2021-42976, CVE-2021-42977, CVE-2021-42979, CVE-2021-42980, CVE-2021-42983, CVE-2021-42986, CVE-2021-42987, CVE-2021-42988, CVE-2021-42990, CVE-2021-42993, CVE-2021-42994, CVE-2021-42996, CVE-2021-43000, CVE-2021-43002, CVE-2021-43003, CVE-2021-43006, CVE-2021-43637, CVE-2021-43638, CVE-2021-42681, CVE-2021-42682, CVE-2021-42683, CVE-2021-42685, CVE-2021-42686, CVE-2021-42687, CVE-2021-42688

References

Contributed by https://github.com/kasif-dekel

Entry Status

Finalized

Disclosure Date

Sun, May 2nd, 2021

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

-

Discovered by

Kasif Dekel, SentinelOne