Security researchers have discovered vulnerabilities in the drivers of Eltima’s USB-over-Ethernet solution, which users can use to extend their rights to the system. Since the Eltima SDK is used by various cloud providers directly or under a different name, customers of numerous providers are vulnerable – both their local devices and server-side cloud instances.

With products like Amazon WorkSpaces you have a virtual machine in the cloud as a workstation PC. To connect the webcam, which is locally connected to the home PC, to this virtual workstation PC, the USB-over-Ethernet drivers are used, among other things. Amazon & Co realize this with libraries from third-party manufacturers such as the Eltima SDK. As a result, users of cloud services unwittingly inherit their vulnerabilities, the researchers add. The SentinalLabs list 27 CVE entries: Many products are affected by several vulnerabilities.

The vulnerabilities found do not allow an extension of rights …

Source link

Leave a Reply