Warning: Vulnerability in IT asset management platform Device42

IT management platforms can themselves become dangerous vulnerabilities. When flaws grant root access and enable remote code execution, an asset management platform turns into a risk for the whole organization. In a warning, Bitdefender describes the risks that existed in the Device42 product and why an update of the IT asset management platform is necessary.

The warning from Bitdefender refers to a vulnerability in Device42 that has since been fixed. The widely used Device42 platform allows IT administrators to manage hardware, software, devices and networks across their organization in both on-premise and cloud environments. The platform automatically discovers assets and records their dependencies on each other.

RCE vulnerability in Device42

Bitdefender Labs experts found a vulnerability that allows attackers to execute remote code in the platform's staging environment. They were also able to gain full root access and thus complete control over the internal assets of the victim's IT. Device42 has since closed the vulnerability after close collaboration with Bitdefender Labs. Users are urged to update their installation to version 18.01.00 or higher immediately.

In total, Bitdefender Labs security researchers were able to demonstrate several serious vulnerabilities in the Device42 platform appliance. Attackers with any level of access to the network of the affected company would have been able to exploit these vulnerabilities.

  • Attackers could impersonate a legitimate user via cross-site scripting (XSS).
  • They could also gain administrator access to the Device42 solution by hijacking a session with a Local File Inclusion (LFI).
  • With a hijacked session, and without any authentication of their own, attackers were thus able to achieve remote code execution (RCE) with root privileges.

This resulted in critical follow-on risks such as extracting valid session IDs of authenticated users or remote code execution through an autodiscovery task. Attackers were also able to execute remote code in Device42's Compliance Manager component; the credentials needed for this were obtained by exploiting the vulnerabilities described in the Bitdefender Labs report.

The full analysis of the Device42 vulnerability by Bitdefender Labs can be found in this PDF document. The incident shows once again that web-based monitoring and management solutions can pose unexpected risks. Anyone using the platform should update it.
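The only concrete remediation the post gives is "version 18.01.00 or higher", so the practical question for a defender is which appliances in the inventory still sit below that release. The following is an added example (not from the post or from Bitdefender or Device42) that compares Device42-style version strings numerically rather than as text; the inventory records and the version-string formats other than `18.01.00` are constructed assumptions for illustration.

```python
import re
from typing import List, Optional, Tuple

# Lowest Device42 release that the advisory names as fixed.
FIXED_VERSION = "18.01.00"


def parse_version(text: str) -> Optional[Tuple[int, int, int]]:
    """Extract a numeric (major, minor, patch) tuple from a version string.

    Accepts '18.01.00', '18.1.0', 'v17.05.02' or 'Device42 18.01.00'
    (assumed input formats). Returns None when no version is present.
    Comparing the integers avoids the classic string-comparison pitfall
    where '9.9.9' > '18.01.00' because '9' sorts after '1'.
    """
    match = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        return None
    parts = [int(p) for p in match.groups() if p is not None]
    while len(parts) < 3:          # pad '18.1' to (18, 1, 0)
        parts.append(0)
    return (parts[0], parts[1], parts[2])


def is_patched(version: str) -> Optional[bool]:
    """True if version >= FIXED_VERSION, False if older, None if unparseable."""
    parsed = parse_version(version)
    if parsed is None:
        return None
    return parsed >= parse_version(FIXED_VERSION)


def find_unpatched(inventory: List[dict]) -> List[Tuple[str, str]]:
    """Return (host, version) for every appliance that is below the fixed
    release or whose version could not be read; unknown versions are
    reported deliberately so they are checked by hand rather than ignored."""
    findings = []
    for entry in inventory:
        if is_patched(entry["version"]) is not True:
            findings.append((entry["host"], entry["version"]))
    return findings


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "d42-prod.example.internal", "version": "18.01.00"},
    {"host": "d42-staging.example.internal", "version": "17.05.02"},
    {"host": "d42-lab.example.internal", "version": "v18.1.0"},
    {"host": "d42-old.example.internal", "version": "9.9.9"},
    {"host": "d42-unknown.example.internal", "version": "n/a"},
]

if __name__ == "__main__":
    for host, version in find_unpatched(SAMPLE_INVENTORY):
        print(f"{host}: {version} -> update to {FIXED_VERSION} or later")
```

Run against a real export of the asset database, the `version` field would come from the appliance itself; treating an unparseable version as "not verified patched" keeps a blank or malformed record from silently passing the check.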
