Malware attacks on endpoint management platform HCL BigFix possible
Attackers can exploit several vulnerabilities in HCL BigFix and compromise systems. Security updates provide a remedy.
(Image: AFANASEV IVAN/Shutterstock.com)
The endpoint management platform HCL BigFix is vulnerable. Admins should ensure that their systems are protected against possible attacks via the available security updates. Malicious code can reach computers via a"critical" vulnerability.
Several gaps closed
According to a warning message, the software vulnerabilities affect various components of the WebUI. The developers state that they have closed a total of 13 gaps. The most dangerous is a vulnerability (CVE-2024-38996"critical") that allows attackers to paralyze instances via a DoS attack. Under certain circumstances, malicious code can even be executed. In such a case, systems are usually considered fully compromised. It is currently not known in detail how such an attack could take place.
Two vulnerabilities are classified as"high" (CVE-2024-45590, CVE-2024-45296). Attackers can create DoS states at these points with prepared requests. The remaining vulnerabilities are classified as"medium". Among other things, information can be leaked here.
Videos by heise
Security updates
HCL Software does not currently specify whether there are already attacks and how admins can recognize instances that have already been attacked. To protect systems, admins must ensure that the secure versions of the relevant components are installed in the WebUI:
- Application Administration 36
- Common 93
- Custom 46
- Insights 26
- Patch 48
- IVR 16
- Patch Policies 42
- Profile Management 29
- Query 40
- Software Distribution 50
- WebUI API 27
- WebUI Content App 24
- WebUI CMEP 18
- WebUI Data Sync 32
- WebUI Framework 30
- WebUI MDM 21
- WebUI Permissions and Preferences 23
- WebUI Reports 20
- WebUI Take Action 33
- WebUI SCM 16
- WebUI Extensions 9
(des)
