Multiple vulnerabilities in IBM Aspera High-Speed Transfer Server, Endpoint, and Desktop Client
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-22901 CVE-2021-22898 |
| CWE-ID | CWE-416 CWE-457 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
IBM Aspera Desktop Client Client/Desktop applications / Software for system administration IBM Aspera High-Speed Transfer Endpoint Client/Desktop applications / Software for system administration IBM Aspera High-Speed Transfer Server Server applications / File servers (FTP/HTTP) |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU53589
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22901
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the application or compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when processing creation of new TLS sessions or during client certificate negotiation. A remote attacker can force the application to connect to a malicious server, trigger a use-after-free error and crash the application.
Remote code execution is also possible if the application can be forced to initiate multiple transfers with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection in order to inject a crafted memory content into the correct place in memory.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system but requires that libcurl is using OpenSSL.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Aspera Desktop Client: before 4.2
IBM Aspera High-Speed Transfer Endpoint: before 4.2
IBM Aspera High-Speed Transfer Server: before 4.2
External linkshttp://www.ibm.com/support/pages/node/6494763
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of uninitialized variable
EUVDB-ID: #VU53587
Risk: Medium
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22898
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to usage of uninitialized variable in code, responsible for processing TELNET requests when parsing NEW_ENV variables. A remote attacker can force the affected application to connect to a telnet server under attackers control and read up to 1800 bytes from the uninitialized memory on the libcurl client system.
Proof of concept:
curl telnet://example.com -tNEW_ENV=a,bbbbbb (256 'b's)Install update from vendor's website.
Vulnerable software versionsIBM Aspera Desktop Client: before 4.2
IBM Aspera High-Speed Transfer Endpoint: before 4.2
IBM Aspera High-Speed Transfer Server: before 4.2
External linkshttp://www.ibm.com/support/pages/node/6494763
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
