AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
Amazon Web Services is among a dozen cloud services affected by flaws in Eltima SDK, according to new reports. The flaws could enable attackers to disable security and gain kernel-level privileges. The vulnerabilities affect Amazon WorkSpaces and other cloud services that use USB other Ethernet. The flaws leave millions of users worldwide open to privilege escalation attacks, say, researchers. The impacted service is a library created by network virtualization for Eltima. This includes AWS, Accops, and NoMachine, among others. All apps that enable remote desktop access through using the Eltima software development kit to enable USB over Ethernet are at risk.
USB over Ethernet enables sharing of multiple USB devices over Ethernet, allowing users to connect devices such as webcams on remote machines anywhere in the world as long as the devices are physically plugged in. However, the flaws are in both the USB Over Ethernet function and the Eltima SDK, not the cloud services themselves. Attackers leveraging the flaws could disable security protects, overwrite system components, corrupt the operation system, or perform a number of other malicious actions. SentinelOne released a report regarding the flaws and their impact on Tuesday.
Read the Full Report: Multiple Vulnerabilities in AWS and Other Major Cloud Services