Security Advisory – Hardcoded key

CVE-2021-45913: Security Advisory

This document addresses the hardcoded key vulnerability (CVE-2021-45913) in ControlUp Real-Time.

Vulnerability ID: CVE-2021-45913
Severity: High
Update Release Date: April 22, 2021
Fix version: Version >= 8.2.5 for both Hybrid Cloud and COP (On-Premises)

What was the problem?

The authentication process between the ControlUp Real-Time Console/Monitor and ControlUp Real-Time Agents was based on a hardcoded key. This key could be extracted from a ControlUp Real-Time Console/Monitor binary, and a potential attacker could use it to craft a fake ControlUp Real-Time Console/Monitor that would successfully authenticate to ControlUp Real-Time Agents and run malicious actions (OS commands) with SYSTEM-level privileges on any machine with the ControlUp Real-Time Agent installed.
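To make the advisory's point concrete, the following is an added example, not ControlUp's code or protocol: a simplified nonce challenge/response in which the agent contrasts trusting a key compiled into every console build with trusting a key provisioned per deployment. The key names, sizes and the HMAC-SHA256 construction are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed, hypothetical console-to-agent challenge/response used to
# illustrate the advisory. It is not ControlUp's protocol or code.

class Agent:
    """Agent side: hands out a fresh nonce and checks the console's HMAC over it."""

    def __init__(self, key: bytes):
        self._key = key

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, nonce: bytes, response: bytes) -> bool:
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def console_respond(key: bytes, nonce: bytes) -> bytes:
    """Console side: prove possession of the key by MACing the agent's nonce."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

# Vulnerable design: one constant compiled into every console build.
HARDCODED_KEY = b"constructed-placeholder-key-in-binary"

def hardcoded_key_design() -> dict:
    agent = Agent(HARDCODED_KEY)
    nonce = agent.challenge()
    genuine = agent.verify(nonce, console_respond(HARDCODED_KEY, nonce))
    # Anyone who has read the constant out of a console binary holds exactly
    # the same key material, so the agent cannot distinguish them.
    key_read_from_binary = bytes(HARDCODED_KEY)
    other_holder = agent.verify(nonce, console_respond(key_read_from_binary, nonce))
    return {"genuine_console": genuine, "holder_of_binary_key": other_holder}

# Hardened design: a random key generated per deployment at enrollment time
# and stored outside the code, so no build artefact contains it.
def provisioned_key_design() -> dict:
    org_a_key, org_b_key = secrets.token_bytes(32), secrets.token_bytes(32)
    agent = Agent(org_a_key)  # agent enrolled into deployment A
    nonce = agent.challenge()
    own = agent.verify(nonce, console_respond(org_a_key, nonce))
    foreign = agent.verify(nonce, console_respond(org_b_key, nonce))
    # A captured response is useless against the next (fresh) challenge.
    replay = agent.verify(agent.challenge(), console_respond(org_a_key, nonce))
    return {"own_console": own, "foreign_console": foreign, "replayed_response": replay}
```

With the compiled-in constant, successful verification proves only possession of a value every install ships with; with per-deployment keys, a console from another deployment and a replayed response both fail.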

Solution

We strongly urge you to do the following as soon as possible:

  • Upgrade to the latest version of ControlUp (8.5.1 for Hybrid Cloud/8.5 for On-Premises).
  • Deploy the latest ControlUp Real-Time Agent to all endpoints.

It is important to update or uninstall all ControlUp Real-Time Agents, even those no longer in use. ControlUp Real-Time Agents of versions lower than 8.5 can put your organization at risk even if no ControlUp Console/Monitor is connected to them. You can watch this 2-minute video to learn how to easily find machines with older ControlUp Real-Time Agent versions.

Upgrade Guides:
Upgrade Guide for Hybrid Cloud 8.x to 8.5
On-Premises Upgrade Guide 8.x to 8.5
Please read more about the new features and security enhancements in our Security Best Practices Guide.

Credits – Michael N. Henry and James Burton, Facebook Red Team.