Summary
A vulnerability which may allow unauthenticated execution of arbitrary code, depending on system configuration, has been identified in the User Console. Specifically, this issue arises from the Data Platform's use of the .NET Remoting framework.
The vulnerability is related to a TCP Remoting Channel running on port 8084 of the User Console server. The TCP Remoting Channel facilitates configuration and management from the Data Platform Admin Console. In User Console versions below 5.5.68, if SecurityMode=1 has not been enabled, unauthenticated access to an object exposed on this channel may allow unauthorized command execution. When properly configured with authentication, this vulnerability does not pose a risk.
Fix Version and Resolution
This issue can be broken down into two components:
- The potential to execute arbitrary code without authentication.
- The exposed Remoting Channel services that, under certain conditions, do not require authentication.
In version 5.5.76, the ability to execute arbitrary code has been completely removed. Starting with version 5.5.68, the release notes introduced support for "Encryption and Authentication Enforceable for Operations Over the Remoting Service." The SecurityMode parameter ensures that only authenticated users and endpoints can interact with the Data Platform User Console's remoting services.
We encourage customers to upgrade to the latest version of the Data Platform and enable appropriate security settings as detailed in the 5.5.68 release notes.
Security Best Practices
To further protect your environment, we recommend the following:
- Ensure that only privileged and trusted users have authenticated access to the User Console server.
- Restrict network access to the User Console server through the use of firewalls or other network security mechanisms.
Credit
For identifying this issue and disclosing it to Flexera under the responsible disclosure process, we'd like to credit Tareq Tahboub of Trafford Security.
