Sploit.io - Search

Product: F-Secure Elements Agent, F-Secure MDR, F-Secure Cl, version: All Version

CVE-2021-44750

Severity: MEDIUM

Description: An arbitrary code execution vulnerability was found in the F-Secure Support Tool. A standard user can craft a special configuration file, which when run by administrator can execute any commands.

CVSS Score: 6.4

Priority

B

CISA Data

EPSS Data

  • EPSS: 0.002150000
  • Percentile: 0.438190000
  • Date: 2026-03-21

ExploitDB

No data available.

HackerOne Data

  • Rank: 8948
  • Reports submitted count: 0
  • Unknown: 0
  • None: 0
  • Low: 0
  • Medium: 0
  • High: 0
  • Critical: 0

GitHub PoCs

    Nuclei Templates

    No data available.

    VulnCheck Data

    Affected Products:

    • F-Secure F-Secure Elements Agent, F-Secure MDR, F-Secure Client Security, F-Secure Server Security, F-Secure Email and Server Security, F-Secure Freedome VPN, F-Secure SAFE, F-Secure KEY, and F-Secure Internet Security / Anti-Virus - Versions: All Version

    References:

    Risk Assessment

    1. Risk Assessment
    The vulnerability detailed in CVE-2021-44750 is an arbitrary code execution flaw within the F-Secure Support Tool. This means a standard user, with relatively limited privileges, can construct a specially crafted configuration file that, when processed by an administrator, allows for the execution of arbitrary commands on the system. The base CVSS score of 6.4 (Medium) indicates a moderate risk. The attack complexity is High, meaning successful exploitation is not trivial and requires some level of sophistication in crafting the configuration file. However, the potential impact is High across all three pillars of confidentiality, integrity, and availability. A successful attack could lead to data breaches, system compromise, and denial of service. The likelihood of exploitation is moderate: it requires an administrator to run the Support Tool with the malicious configuration file, but running the tool is a common troubleshooting task. The business impact could range from minor disruptions to significant downtime and data loss, depending on the commands executed.

    2. Potential Attack Scenarios
    An attacker could leverage this vulnerability in a scenario where a helpdesk technician needs assistance troubleshooting an issue. The attacker, posing as a standard user, submits a support request with a crafted configuration file attached. When the administrator opens the configuration file using the F-Secure Support Tool, the embedded malicious code executes. This code could, for example, create a new administrator account for the attacker, granting them persistent access to the system. Alternatively, the code could install ransomware, encrypting critical data and demanding a ransom for its decryption. The attack vector is network-based, meaning the attacker doesn't need physical access to the system. The attack process involves crafting the configuration file, delivering it via a support request, and waiting for an administrator to utilize it. The potential outcome is full system compromise, data exfiltration, or ransomware infection.

    3. Mitigation Recommendations
    The primary mitigation is to apply the latest updates from F-Secure. While the vulnerability is not yet being actively exploited by ransomware, the potential is there. Ensure all instances of F-Secure Elements Agent, F-Secure MDR, F-Secure Client Security, F-Secure Server Security, F-Secure Email and Server Security, F-Secure Freedome VPN, F-Secure SAFE, F-Secure KEY, and F-Secure Internet Security / Anti-Virus are updated to the latest version. Implement a review process for configuration files submitted via support requests, especially those coming from less-trusted sources. Consider limiting the privileges of the administrator account used to run the F-Secure Support Tool, where possible. Train administrators to be cautious when opening configuration files from unknown or untrusted sources. Refer to the F-Secure Security Advisories for detailed patching instructions and additional mitigation guidance: https://www.f-secure.com/en/business/support-and-downloads/security-advisories and https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-44750.

    4. Executive Summary
    F-Secure products are affected by a vulnerability (CVE-2021-44750) that allows a standard user to execute arbitrary code on a system when an administrator uses the F-Secure Support Tool with a specially crafted configuration file. While exploitation requires user interaction and administrator privileges, the potential impact is significant, including data breaches, system compromise, and downtime. We recommend applying the latest F-Secure updates as soon as possible to mitigate this risk. It's important to proactively review configuration files submitted through support requests and train administrators to exercise caution. This vulnerability poses a moderate risk to our business, and addressing it promptly will help ensure the confidentiality, integrity, and availability of our systems and data. Failure to address this could result in significant disruption and potential financial losses.