Severity: High

Product: localai

Remote Code Execution via Malicious Configuration File

A remote code execution vulnerability was discovered in version 2.17.1 of the software, allowing attackers to execute arbitrary code by uploading a malicious configuration file. This issue was patched in version 2.19.4.

Available publicly on Sep 27 2024

CVSS score: 8.8

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Credit: mvlttt

Threat Overview

The vulnerability allows an attacker to upload a configuration file that includes a URI pointing to a malicious binary file. When the software processes this configuration file, it downloads and executes the binary, leading to remote code execution. This can result in the attacker gaining full control over the affected system.

Attack Scenario

An attacker sets up a malicious server hosting a binary file with embedded malicious code. They then craft a configuration file that points to this binary and upload it to the target system. When the target system processes the configuration file, it downloads and executes the malicious binary, allowing the attacker to execute arbitrary code on the system.
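The pattern described above is a download-and-execute step driven by an untrusted URI. One compensating control a deployment can put in front of any such download is a policy check on every URI in an uploaded configuration: only an allowlisted scheme and set of hosts, and never an artifact that looks executable. The code below is an added example written for this advisory, not LocalAI's own code or its 2.19.4 fix; the config field names, the allowlist and the sample configs are assumptions constructed for illustration.

```python
# Added example (not LocalAI's code): policy check on URIs found in an
# uploaded model configuration, run before anything is downloaded.
# Field names, allowlist entries and sample configs are assumptions.
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"https"}                                   # assumed policy
ALLOWED_HOSTS = {"huggingface.co", "models.example.internal"}  # assumed trusted origins
EXECUTABLE_SUFFIXES = (".sh", ".bin", ".exe", ".so", ".dll", ".py")

def find_uris(config):
    """Walk a parsed config (dicts/lists/strings) and yield (path, value)
    for every string field that contains a URI, wherever it is nested."""
    stack = [("", config)]
    while stack:
        path, node = stack.pop()
        if isinstance(node, dict):
            for key, value in node.items():
                stack.append((f"{path}.{key}" if path else key, value))
        elif isinstance(node, list):
            for index, value in enumerate(node):
                stack.append((f"{path}[{index}]", value))
        elif isinstance(node, str) and "://" in node:
            yield path, node

def check_config(config):
    """Return a list of policy violations; an empty list means every URI
    in the config is acceptable. Downloaded artifacts must still be
    treated as data (model weights), never executed."""
    findings = []
    for path, uri in find_uris(config):
        parsed = urlparse(uri)
        if parsed.scheme not in ALLOWED_SCHEMES:
            findings.append(f"{path}: scheme '{parsed.scheme}' not allowed")
        if parsed.hostname not in ALLOWED_HOSTS:
            findings.append(f"{path}: host '{parsed.hostname}' not in allowlist")
        if parsed.path.lower().endswith(EXECUTABLE_SUFFIXES):
            findings.append(f"{path}: points at an executable artifact")
    return findings

# Constructed samples: one config mirroring the advisory's pattern (a download
# URI aimed at a binary on an attacker-controlled host) and one benign config.
MALICIOUS_CONFIG = {"name": "evil",
                    "download_files": [{"uri": "http://203.0.113.5/payload.sh"}]}
BENIGN_CONFIG = {"name": "ok",
                 "download_files": [{"uri": "https://huggingface.co/org/model.gguf"}]}

if __name__ == "__main__":
    for label, cfg in (("malicious", MALICIOUS_CONFIG), ("benign", BENIGN_CONFIG)):
        print(label, check_config(cfg))
```

Running the block reports three violations for the malicious config (scheme, host and executable suffix) and none for the benign one; a deployment that accepts remote configuration uploads should reject the file on any finding rather than warn.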

Who is affected

Users running version 2.17.1 of the software who allow remote configuration file uploads are affected by this vulnerability.
