The Okta Advanced Server Access Windows client is affected by an unauthenticated remote code execution vulnerability. Thousands of companies rely on Okta to provide zero-trust identity and access management for cloud and on-premises infrastructure. The vulnerability is a command injection that can be exploited via a specially crafted URL, allowing remote unauthenticated code execution on the affected device. Barracuda MSP recommends updating any devices using the Okta Advanced Server Access Windows client and maintaining a vigilant patching schedule across all devices in general.
Technical Detail & Additional Information
WHAT IS THE THREAT?
Windows devices running the Okta Advanced Server Access client on a version prior to 1.57.0 are vulnerable to an unauthenticated remote code execution attack. An attacker could exploit this command injection vulnerability by sending a specially crafted URL and take complete control of an affected system, without ever needing to be on site or authenticated. While the exact technical details of the attack have not been released at this time, Okta has already deployed a fix and recommends updating as soon as possible.
WHY IS IT NOTEWORTHY?
Unauthenticated remote code execution vulnerabilities pose a high level of cyber risk. Because attackers do not require authentication or physical access to launch RCE attacks, any threat actor on the Internet that identifies you as a target can exploit your vulnerable devices. If an internet scanner begins looking for devices running this exploitable version of Okta Advanced Server Access, any device it finds is at risk from any attacker, anywhere.
WHAT IS THE EXPOSURE OR RISK?
If exploited, this vulnerability can allow threat actors to completely take over a compromised system. From that point, cyber criminals can inflict a high amount of damage, limited largely by the goals of the attacker. Businesses may face theft or deletion of confidential business or customer data, further compromise of other devices on the network, or the spread of harmful software, to name only a few. The damage to an organization can be both operational and reputational, leading to both very public and very severe repercussions.
WHAT ARE THE RECOMMENDATIONS?
Barracuda MSP recommends the following actions to limit the impact of this attack and many other similar attacks:
- Download the Okta Advanced Server Access update for Windows devices and maintain a regular patch management schedule to reduce vulnerability to similar attacks.
- Deploy a strong endpoint and web protection solution, such as those offered through SKOUT, which may prevent malicious programs from running, downloading, or uploading.
- Remove or delete all unrecognized, outdated, and unused accounts.
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.