Multiple security flaws in USB over Ethernet affected numerous cloud services, including the popular Amazon (AWS) WorkSpaces, NoMachine, and more.
USB Over Ethernet Flaws
Researchers from Sentinel Labs found multiple security flaws affecting cloud services. These flaws existed in the Eltima SDK, which provides USB over Ethernet capability to many cloud services.
The vulnerabilities originated from a library that many cloud providers use. Consequently, the vulnerable providers include Amazon WorkSpaces, NoMachine, Accops, and others. However, the researchers only validated their findings for AWS WorkSpaces.
Regarding how WorkSpaces uses the Eltima SDK, the researchers explained,
The WSP protocol consists of several libraries, some of which are provided by 3rd parties. One of these is the Eltima SDK. Eltima develops a product called “USB Over Ethernet”, which enables remote USB redirection.
The same product, with some modifications, is used by Amazon WorkSpaces to enable its users to redirect USB devices to their remote desktop, allowing them to connect devices such as USB webcams to Zoom calls directly from the remote desktop.
As elaborated in their report, these vulnerabilities affect cloud service consumers as well. Exploiting the bugs could allow privilege escalation, ultimately allowing an attacker to meddle with the target system, disable security programs, overwrite system components, and more.
Since it also involves remote desktops, exploiting the bugs would also affect remote systems.
In the case of organizations, such attacks could have even more devastating consequences. This includes gaining access to unpatched machines and spreading laterally on the target network.
Patches Released
Following this discovery, the researchers reached out to Eltima, Amazon, and other vulnerable entities. Consequently, the respective vendors started developing and releasing fixes to address the matter.
Since the patches are out with the latest releases, users must ensure that they update their systems to the newest client versions.