Executive Summary
An authentication bypass vulnerability was discovered in Netwrix Usercube on-premises installations that in rare circumstances where the product is incompletely configured may permit an attacker to escalate privileges within the product. The vulnerability was introduced in Netwrix Usercube version 6.0.105 which was released on March 20, 2023 and remediated in verison 6.0.213.
Acknowledgements
We thank Julien Egloff and Antoine Carrincazeaux of Synacktiv for their coordinated disclosure of this vulnerability.
Vulnerability
| Affected Component | Affected Versions | CVSS 3.1 Score (base / temporal) | Title | Description |
|---|---|---|---|---|
| Netwrix Usercube | 6.0.105 until 6.0.213 | 8.1 / 7.3 | Authentication Bypass in Netwrix Usercube (CVE-2023-41264) | An authentication bypass vulnerability was discovered in Netwrix Usercube on-premises installations that in rare circumstances where the product is incompletely configured may permit an attacker to escalate privileges within the product. |
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgements about urgency and priority; customers should use the information below in making those decisions.
| Title | Publicly known? | Exploit available? | Actively exploited? |
|---|---|---|---|
| Authentication Bypass in Netwrix Usercube (CVE-2023-41264) | Yes* | No | No |
* This vulnerability was discovered by external security researchers who, consistent with industry practice, will publish technical details 30 days after this security advisory.
Solution
Netwrix Usercube customers with on-premises installations are advised to take the following actions:
- Update Netwrix Usercube to version 6.0.213 or later as soon as possible. Instructions for the upgrade process are available in the help center.
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing official fixes as indicated in the table below.
| Title | Version |
|---|---|
| Authentication Bypass in Netwrix Usercube (CVE-2023-41264) | Netwrix Usercube 6.0.213 |
FAQ
-
How do I determine the version of Netwrix Usercube?
The version of Netwrix Usercube can be determined by inspecting the
buildinfo.txtfile within the Usercube installation directory or by accessing the Usercube application and choosing theAboutoption from the menu. -
I’m running a vulnerable version, how do I determine whether this vulnerability is exploitable?
This vulnerability only affects Usercube on-premises installations where two configuration settings were missing or set to an empty string. Examine the
appSettings.jsonfile located in the Usercube installation directory for theAuthorizedClientIdandAuthorizedClientSecretparameters within theDeploySettingkey. If the parameters do not exist or are empty then the vulnerability is exploitable.// Good { "DeploySetting": { "AuthorizedClientId": "a-random-string", "AuthorizedClientSecret": "a-random-string" //... } } // Bad { "DeploySetting": { "AuthorizedClientId": "", "AuthorizedClientSecret": "" //... } }
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
| Revision | Date | Description |
|---|---|---|
| 1 | 2023-09-26T14:00:00Z | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory are at your own risk.