The authentication process between ControlUp Real-Time Console/Monitor and ControlUp Real-Time Agents was based on hardcoded keys. This key could have been extracted from a ControlUp Real-Time Console/Monitor binary file and a potential attacker might use it to craft a fake ControlUp Real-Time Console/Monitor that would be able to successfully authenticate to ControlUp Real-Time Agents and run malicious actions (OS commands) with SYSTEM level privilege on a machine with the ControlUp Real-Time Agent installed.
We strongly urge you to do the following as soon as possible:
It is important to update/uninstall all ControlUp Real-Time Agents even if they are no longer in use. ControlUp Real-Time Agents of versions lower than 8.5 can put your organization at risk even if there is no ControlUp Console/Monitor connected to them. You can watch this 2-minute video to learn how to easily find machines with older ControlUp Real-Time Agent versions.
Credits – Michael N. Henry and James Burton, Facebook Red Team.