New Netwrix Auditor Bug Could Let Attackers Compromise Active Directory Domain

Researchers have disclosed details about a security vulnerability in the Netwrix Auditor application that, if successfully exploited, could lead to arbitrary code execution on affected devices.

"Since this service is typically executed with extensive privileges in an Active Directory environment, the attacker would likely be able to compromise the Active Directory domain," Bishop Fox said in an advisory published this week.

Auditor is an auditing and visibility platform that enables organizations to have a consolidated view of their IT environments, including Active Directory, Exchange, file servers, SharePoint, VMware, and other systems—all from a single console.

Netwrix, the company behind the software, claims more than 11,500 customers across over 100 countries, including Airbus, Virgin, King's College Hospital, and Credissimo.

The flaw, which impacts all supported versions prior to 10.5, has been described as an insecure object deserialization issue, which occurs when untrusted, user-controllable data is parsed and which can be abused to carry out remote code execution attacks.

The root cause of the bug is an unsecured .NET remoting service that's accessible on TCP port 9004 on the Netwrix server, enabling an actor to execute arbitrary commands on the server.

"Since the command was executed with NT AUTHORITY\SYSTEM privileges, exploiting this issue would allow an attacker to fully compromise the Netwrix server," Bishop Fox's Jordan Parkin said.

Organizations relying on Auditor are advised to update the software to the latest version, 10.5, released on June 6, to thwart any potential risks.


Source (original article):

https://thehackernews.com/2022/07/new-netwrix-auditor-bug-could-let.html
