News

Vulnerabilities in the Agent used in Managed Anti-Virus / Managed Virtual Patch / Managed Host-based Security Package


Thank you for using Enterprise Cloud service.

Overview

[CVE-2022-23119] Directory traversal and code injection vulnerabilities in the Linux version of Agent

This affects environments that run a Linux Agent for Host-Based Security that is not connected (registered) to the HBS management server. An attacker could exploit a directory traversal vulnerability to read arbitrary files.

[CVE-2022-23120] Code injection vulnerability in Linux version Agent

This affects environments that run a Linux Agent for Host-Based Security that is not connected (registered) to the HBS management server. An attacker could exploit a code injection vulnerability to escalate privileges and execute arbitrary code as root. This may result in data tampering or program modification.

Vulnerability conditions

To exploit these vulnerabilities, the following conditions must be met.

- The Linux Deep Security Agent version is earlier than 11.0.0-2256
- The Linux Agent is not connected (registered) to the HBS management server

* For example, an Agent that was disconnected after you previously used the service, or an Agent that is not registered because it runs on a backup system.
* The Windows Agent is not affected by these vulnerabilities.
* An Agent registered with the HBS management server is not affected by these vulnerabilities.

Target services

Host-Based Security

– Managed Anti-Virus
– Managed Virtual Patch
– Managed Host-based Security Package

Target users

Environments where Host-Based Security was used in the past.
Environments where Host-Based Security is currently in use but the connection to the HBS management server has been disconnected.
Environments where the Agent has only been installed on the computer.

Countermeasures

Upgrade to the latest version, which is available in the Security Control Panel.

Linux Agent version: Deep Security Agent 11.0.0-2256 (released on 2022/1/19)

* Version 9.6 is no longer supported.
If you are using this version, please update even if the Agent is connected (registered) to the management server.
* If the Agent is currently registered and you plan to disconnect the system in the future, please uninstall the Agent when you stop using the service on that system.
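
The conditions and countermeasures above can be applied to a host inventory as in the following added example, which is not part of the original notice or of any vendor tooling. The record fields (`os`, `agent_version`, `registered`) and the sample hosts are assumptions constructed for illustration; the version format A.B.C-BUILD and the fixed build 11.0.0-2256 come from this notice.

```python
import re

# Fixed Linux Agent build named in this notice.
FIXED = (11, 0, 0, 2256)

def parse_version(text):
    """Turn 'A.B.C-BUILD' (or 'A.B.C.BUILD') into a tuple of four ints."""
    parts = re.split(r"[.-]", text.strip())
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised agent version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(host):
    """Return (action, reason) for one inventory record (hypothetical schema)."""
    if host["os"].lower() != "linux":
        return ("none", "only the Linux Agent is affected")
    try:
        ver = parse_version(host["agent_version"])
    except ValueError as exc:
        # Never guess at an unparseable version; hand it to a person.
        return ("review", str(exc))
    if ver[:2] == (9, 6):
        return ("update", "9.6 is end of support; update even if registered")
    if ver >= FIXED:
        return ("none", "at or above the fixed build")
    if host["registered"]:
        return ("none", "registered Agent is not affected")
    return ("update", "unregistered Linux Agent below 11.0.0-2256")

# Constructed sample inventory; host names and builds are illustrative only.
SAMPLE = [
    {"name": "backup01", "os": "linux", "agent_version": "11.0.0-1025", "registered": False},
    {"name": "web01", "os": "linux", "agent_version": "11.0.0-1025", "registered": True},
    {"name": "db01", "os": "linux", "agent_version": "11.0.0-2256", "registered": False},
    {"name": "old01", "os": "linux", "agent_version": "9.6.2-100", "registered": True},
    {"name": "win01", "os": "windows", "agent_version": "11.0.0-1025", "registered": False},
    {"name": "odd01", "os": "linux", "agent_version": "unknown", "registered": False},
]

def hosts_needing_action(inventory):
    """Names of hosts whose triage result is anything other than 'none'."""
    return [h["name"] for h in inventory if triage(h)[0] != "none"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(h["name"], *triage(h))
```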

Notes on Agent upgrade

Refer to the following URL for details on the Agent upgrade procedure.

https://ecl.ntt.com/en/documents/tutorials/security/rsts/security/operation/host-based_security/agent_upgrade_delivery.html

After the upgrade, check the Security Control Panel to confirm that the Agent upgrade has been completed.

* If you are using an end-of-support version, we cannot respond to inquiries regarding upgrades.
* If you are using an end-of-support version, please uninstall the Agent, restart the OS, and reinstall the latest version.

Agent version check

https://ecl.ntt.com/en/documents/tutorials/security/rsts/security/operation/host-based_security/agent_upgrade_check.html

Agent uninstall procedure

https://ecl.ntt.com/en/documents/tutorials/security/rsts/security/operation/host-based_security/agent_uninstall.html

 

Thank you.