Summary
Several cloud desktop solutions rely on a 3rd-party library called Eltima SDK to provide
USB over Ethernet capabilities, to allow users to connect and share local devices such as
webcams. SentinelLabs discovered vulnerabilities in Eltima drivers, including proprietary
versions used by several cloud services (among them AWS Workspaces), that would allow
unprivileged users to escalate privileges to kernel mode.
Affected Services
WorkSpaces
Remediation
AWS Workspaces users must manually update if they have either AutoStop WorkSpaces
with maintenance disabled or AlwaysOn WorkSpaces with OS updates disabled.
Tracked CVEs
CVE-2021-42972, CVE-2021-42973, CVE-2021-42976, CVE-2021-42977, CVE-2021-42979, CVE-2021-42980, CVE-2021-42983, CVE-2021-42986, CVE-2021-42987, CVE-2021-42988, CVE-2021-42990, CVE-2021-42993, CVE-2021-42994, CVE-2021-42996, CVE-2021-43000, CVE-2021-43002, CVE-2021-43003, CVE-2021-43006, CVE-2021-43637, CVE-2021-43638, CVE-2021-42681, CVE-2021-42682, CVE-2021-42683, CVE-2021-42685, CVE-2021-42686, CVE-2021-42687, CVE-2021-42688
References
Contributed by https://github.com/kasif-dekel
Entry Status
Finalized
Disclosure Date
Sun, May 2nd, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Kasif Dekel, SentinelOne
