<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1462084720533760&amp;ev=PageView&amp;noscript=1">
Vulnerability Report

CVE-2020-10658 Proofpoint Insider Threat Management Server (RCE)

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a vulnerability in the ITM application server's WriteImage API. The vulnerability allows an anonymous remote attacker to execute arbitrary code with local administrator privileges. The vulnerability is caused by improper deserialization.

cve-2020-10658

Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

The CVSS Base score of this vulnerability is 9.8 Critical.  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

1.3        Affected Version

The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1

1.4        Vulnerability Attribution

This vulnerability is disclosed by undisclosed sources.

1.5        Risk Impact

Proofpoint Insider Threat Management Server detect risky insider activity and prevent data loss from the endpoint. It also simplifies response to insider threat and data loss incidents. It defends enterprise against authorized users acting maliciously, negligently or unknowingly. And we correlate user activity and data movement to protect you from insider-led data breaches. Plus, we detect risky behavior in real-time to give you easy to understand evidence of wrongdoing.

An RCE in Proofpoint Insider Threat Management Server can lead to severe consequences. Insider Threat detection can be completely compromised.

An exploit is not publicly available but given the disclosure, it is very easy to construct one.

1.6        Virsec Security Platform (VSP) Support:

VSP-Host monitors processes that are spawned which are not part of a set of whitelisted process. Any attempt to execute new command or unknown binary would be denied by VSP-Host’s Process Monitoring capability.

1.7        Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.

 

Do you have a request for a vulnerability Virsec Security Research Lab to explore? Let us know!