The backdoor can be exploited to achieve privilege escalation and, combined with other flaws, unauthorized remote command execution. Businesses that run HP Device Manager should follow the mitigation steps provided by HP.
There has been an uptick in cyber-attacks and data breaches in 2020. While attacks increase every year, this year feels especially hard hit, likely due to the COVID-19 pandemic. With everyone working from home, businesses are strained and systems are breaking down, making them easier to exploit. On top of that, businesses that use HP Device Manager now have to take action to mitigate a vulnerability that was put there by HP itself.
According to The Register, “Nicky Bloor, founder of Cognitous Cyber Security, reports that an HP Inc programmer appears to have set up an insecure user account in a database within HP Device Manager (HPDM). He found that the account can be exploited to achieve privilege escalation and, in conjunction with other flaws, gain unauthorized remote command execution as SYSTEM.
This is bad: if you can reach a vulnerable installation of this device manager on a network, you can gain admin-level control over its machine and the thin clients it controls. HPDM typically runs on a Windows-powered server, and directs multiple Windows clients.”
This is a nightmare for businesses that use HPDM, and it’s a dream for an attacker. Bad actors, like any other criminal, want to get the most bang for their buck. They don’t want to exert a lot of energy, but they want a big payday. If a bad actor gains admin-level control over one machine, they can use that access to gain entry to other machines. They can practically do whatever it is they want to do and they haven’t broken a sweat.
Cyber Observer says the 8 most common causes of a data breach are:
- Weak and Stolen Credentials, a.k.a. Passwords
- Back Doors, Application Vulnerabilities
- Malware
- Social Engineering
- Too Many Permissions
- Insider Threats
- Improper Configuration and User Error
Back doors, application vulnerabilities and improper configuration all fit the HP problem.
Bloor brought this vulnerability to the attention of HP, which did not immediately respond. When he said he was going to go public, they quickly changed their tune. On September 30, HP acknowledged the problem and shared an update on the resolution timeline. HP's notice describes three issues: the weak cipher and Remote Method Invocation flaws affect all versions of HPDM, while the elevation-of-privilege flaw affects versions 5.0.0 to 5.0.3. The page goes on to outline mitigations you can take while their security team works on a patch, so be sure to read their resolution guidelines to limit your risk.
Businesses are trained and on high alert to look for data breaches that arrive through a cyber-attack, whether it's malware, phishing or something else. They aren't looking at their own management systems for vulnerabilities; they trust their provider to ensure that security.
This is the exact reason businesses should always hire an expert when implementing something new, and should employ someone who can maintain that system as well as keep it updated. When something new is being implemented, no matter if you trust where it came from, your expert should ensure there are no vulnerabilities built into the system. You have to do whatever it takes to protect your business, and that means protecting your customers, clients, business partners and proprietary information.
We continually discuss how important it is to safeguard sensitive information, to hire an expert to assist with cloud migration and security protocols, and to have proper backups in place. Vulnerabilities are a problem; bad actors, insider threats and hackers are a problem. Ensure that you aren't the next victim and build more into your InfoSec and CyberSec budgets, because this threat isn't going away. Protection is paramount to success.