About CVE-2022-24237 (21st Mar 2022)

Preface: What is application layer load balancing?
Application layer load balancers distribute requests based on the content of the requests being processed, including their HTTP/S headers and message body as well as session cookies. They can also track responses as they travel back from the server, thereby providing data on the load each server is processing at all times.

Background: There are two primary protocols on the internet – TCP and UDP. These are what we call layer 4 protocols. What about web browsing and email? The majority of the data sent across the internet is TCP, and that is what Snapt load balances. Protocols like HTTP, SMTP, SSL and many more all use TCP.
HTTP is a layer 7 protocol. All web browsing uses either HTTP or SSL (HTTPS) to fetch web content. Aria is the premier ADC solution for businesses, providing a load balancer, web accelerator, web app firewall (WAF), global server load balancer (GSLB), etc.
The Snapt Balancer is a feature-rich layer 7 TCP load balancer.

Vulnerability details: The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands.

To establish a typical remote shell, a machine controlled by the attacker connects to a remote network host and requests a shell session – this is called a bind shell. But what if the remote host is not directly accessible, for example because it has no public IP or is protected by a firewall? In this situation, a reverse shell might be used, where the target machine initiates an outgoing connection to a listening network host and a shell session is established.
As shown in the diagram, the proof of concept tries to spawn a reverse shell from the target host to the attacker's machine. For more technical details, please refer to the link – https://www.cryptnetix.com/blog/2022/03/19/Snapt-Aria-Vulnerability-Disclosure.html
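
A defender's view of the bind/reverse distinction above, as an added example that is not part of the original post or of Snapt's software: it classifies shell processes that own TCP sockets by connection direction. The `ss -tanp`-style input is constructed, and the shell-name list and the listening-port heuristic are assumptions.

```python
import re

# Constructed sample in the style of `ss -tanp` output (not from a real host).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=810,fd=6))
LISTEN 0 1 0.0.0.0:5555 0.0.0.0:* users:(("nc",pid=1900,fd=3))
ESTAB 0 0 10.0.0.5:443 198.51.100.20:51514 users:(("nginx",pid=811,fd=12))
ESTAB 0 0 10.0.0.5:5555 198.51.100.9:40112 users:(("sh",pid=1901,fd=0),("sh",pid=1901,fd=1))
ESTAB 0 0 10.0.0.5:48312 203.0.113.7:4444 users:(("bash",pid=2211,fd=0),("bash",pid=2211,fd=1))
ESTAB 0 0 10.0.0.5:39870 192.0.2.53:443 users:(("curl",pid=2300,fd=5))
"""

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}  # assumed list of shell names
PROC_RE = re.compile(r'\("([^"]+)",pid=(\d+),fd=(\d+)\)')


def parse(text):
    """Turn each socket line into state, local port, peer and owning processes."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # header or socket without process information
        state, _recvq, _sendq, local, peer, users = parts
        procs = {(name, int(pid)) for name, pid, _fd in PROC_RE.findall(users)}
        rows.append({"state": state, "lport": int(local.rsplit(":", 1)[1]),
                     "peer": peer, "procs": procs})
    return rows


def classify_shell_sockets(text):
    """Return (kind, shell, pid, peer) for every shell that owns a TCP connection."""
    rows = parse(text)
    # Heuristic (assumption): a connection whose local port also has a listener
    # on this host was accepted (inbound); any other connection was initiated here.
    listening = {r["lport"] for r in rows if r["state"] == "LISTEN"}
    findings = []
    for r in rows:
        if r["state"] != "ESTAB":
            continue
        for name, pid in sorted(r["procs"]):
            if name in SHELLS:
                kind = "bind" if r["lport"] in listening else "reverse"
                findings.append((kind, name, pid, r["peer"]))
    return findings


if __name__ == "__main__":
    for finding in classify_shell_sockets(SAMPLE):
        print(finding)
```

On a load balancer, either finding is worth an alert: an interactive shell has no reason to own a network socket, and the outbound case is the one that a firewall blocking only inbound traffic will not stop.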
