Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
akamaiblogMark CarrizosaAKAMAIBLOG:3A595E7AE2630E6F7293B115E2894316
HistoryAug 25, 2020 - 2:45 p.m.

Enterprise Application Access Client (EAA) Vulnerability (CVE-2019-18847)

2020-08-2514:45:00
Mark Carrizosa
feedproxy.google.com
31

0.019 Low

EPSS

Percentile

88.7%

JSON

On October 15, 2019, Tesla discovered, and responsibly disclosed, a vulnerability within Akamai’s Enterprise Application Access (EAA) client that allows privilege escalation and remote code execution (RCE) when an attacker is within privileged locations on a network.

This vulnerability has been assigned CVE-2019-18847.

This vulnerability exists due to a combination of the lack of signature validation on end-user initiated update downloads and the lack of proper TLS certificate verification in the client when visiting the update software repositories. Akamai released a patch (version 2.0.1) on 3/20/20 and made it available to all EAA customers.

Akamai strongly urges customers who have not already updated their Enterprise Application Access (EAA) client to version 2.0.1 or later (as displayed in the EAA client) to do so immediately. Instructions are located here.

Customers utilizing EAA in a clientless configuration are not subject to this vulnerability and do not need to take any actions.

While Akamai has seen no evidence suggesting this vulnerability has been leveraged or exploited amongst our customers, a vulnerability of this nature should be treated as urgent and addressed as soon as possible.

Background:

To execute an exploit against this vulnerability, an attacker must either be able to modify DNS responses in order to redirect update traffic to their machine, or already be in a privileged position on the network where interception of traffic is possible, when an end user initiates an update.

Once exploited, an attacker can execute arbitrary code on the end-user machine with administrator/root privileges. Likewise, end users themselves can leverage this exploit to obtain privilege escalation on their own machines.

Recommendation:

Akamai recommends immediate upgrading to 2.0.1 or later. Effective immediately, all versions prior to 2.0.1 are deprecated, and Akamai will commence working with customers to retire these vulnerable prior versions.

Akamai wishes to thank Tesla for responsibly disclosing this issue.

Related

prion 1
nvd 1
cve 1
cvelist 1
prion
prion
Remote code execution
2020-08-26 14:15:00
nvd
nvd
CVE-2019-18847
2020-08-26 14:15:10
cve
cve
CVE-2019-18847
2020-08-26 14:15:10
cvelist
cvelist
CVE-2019-18847
2020-08-26 13:47:52

0.019 Low

EPSS

Percentile

88.7%

JSON
Related for AKAMAIBLOG:3A595E7AE2630E6F7293B115E2894316
prion1nvd1cve1cvelist1