News
Vulnerabilities in the Agent used in Managed Anti-Virus / Managed Virtual Patch / Managed Host-based Security Package
Thank you for using Enterprise Cloud service.
Overview
[CVE-2022-23119] Directory traversal and code injection vulnerabilities in the Linux version of Agent
In an environment where Host-Based Security uses a Linux version Agent that is not connected (registered) to the HBS management server, an attacker could exploit a directory traversal vulnerability to read arbitrary files.
[CVE-2022-23120] Code injection vulnerability in the Linux version of Agent
In an environment where Host-Based Security uses a Linux version Agent that is not connected (registered) to the HBS management server, an attacker could escalate privileges through code injection and execute arbitrary code as root. This may result in data tampering or program modification.
Vulnerability conditions
All of the following conditions must be met for these vulnerabilities to be exploitable.
- Deep Security Agent for Linux, version lower than 11.0.0-2256
- Linux version Agent that is not connected (registered) to the HBS management server
* For example, an Agent that was disconnected after previous use of the service, or an Agent that is not registered because it is on a backup system.
* The Windows version Agent is not affected by these vulnerabilities.
* An Agent registered with the HBS management server is not affected by these vulnerabilities.
Target services
Host-Based Security
– Managed Anti-Virus
– Managed Virtual Patch
– Managed Host-based Security Package
Target users
Environments where Host-Based Security was used before.
Environments where Host-Based Security is currently in use and the connection to the HBS management server has been disconnected.
Environments where the Agent has only been installed on the computer.
Countermeasures
You can address these vulnerabilities by upgrading to the latest version available in the Security Control Panel.
Linux version Agent version: Deep Security Agent 11.0.0-2256 (released on 2022/1/19)
* Version 9.6 is no longer supported.
If you are using this version, please update even if you are connected (registered) to the management server.
* If the Agent is currently registered and you are considering disconnecting the system in the future, please uninstall the Agent when you stop using the service on that system.
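The vulnerability conditions and countermeasures above can be applied to a host inventory as in the following added example, which is not part of the original notice or of the vendor's tooling. The inventory fields (host, os, agent_version, registered), the status labels, and the sample hosts and build numbers are constructed assumptions; versions on branches later than 11.0.0 are flagged for review because this notice names no threshold for them.

```python
import re

# Fixed build named in this notice: Deep Security Agent 11.0.0-2256.
FIXED = (11, 0, 0, 2256)

def parse_version(text):
    """Turn '11.0.0-2256' into (11, 0, 0, 2256) so builds compare as numbers."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised agent version: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(host):
    """Classify one inventory record against the conditions in this notice."""
    os_name = host["os"].lower()
    if os_name == "windows":
        return "NOT_AFFECTED"               # Windows version Agent is not affected
    if os_name != "linux":
        return "REVIEW"                     # notice only covers Linux and Windows
    try:
        version = parse_version(host["agent_version"])
    except ValueError:
        return "REVIEW"                     # unparseable version: check by hand
    if version[:2] == (9, 6):
        return "UNSUPPORTED"                # update even if registered
    if version[:3] > FIXED[:3]:
        return "REVIEW"                     # no threshold given for later branches
    if version >= FIXED:
        return "FIXED"
    if host["registered"]:
        return "UPGRADE_BEFORE_DISCONNECT"  # not affected while registered
    return "VULNERABLE"                     # Linux, below fixed build, unregistered

# Constructed sample inventory (hypothetical hosts and build numbers).
INVENTORY = [
    {"host": "web01", "os": "Linux", "agent_version": "11.0.0-995", "registered": False},
    {"host": "bak01", "os": "Linux", "agent_version": "10.0.0-3761", "registered": False},
    {"host": "app01", "os": "Linux", "agent_version": "11.0.0-1025", "registered": True},
    {"host": "db01", "os": "Linux", "agent_version": "11.0.0-2256", "registered": False},
    {"host": "old01", "os": "Linux", "agent_version": "9.6.2-8288", "registered": True},
    {"host": "win01", "os": "Windows", "agent_version": "11.0.0-716", "registered": False},
]

def triage_inventory(records):
    """Map each host name to its triage status."""
    return {r["host"]: triage(r) for r in records}

if __name__ == "__main__":
    for name, status in triage_inventory(INVENTORY).items():
        print(f"{name:6} {status}")
```

The build number is compared as an integer, so 11.0.0-995 correctly sorts below 11.0.0-2256, which a plain string comparison would get wrong.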
Notes on Agent upgrade
Refer to the following URL for details on the Agent upgrade procedure.
After the upgrade, check the Security Control Panel to confirm that the Agent upgrade has been completed.
* If you are using an end-of-support version, we cannot respond to inquiries regarding upgrades.
* If you are using an end-of-support version, please uninstall the Agent, restart the OS, and reinstall with the latest version.
Agent version check
Agent uninstall procedure
/en/documents/tutorials/security/rsts/security/operation/host-based_security/agent_uninstall.html
Thank you.