44 lines
1.6 KiB
Plaintext
44 lines
1.6 KiB
Plaintext
=== What is the potential impact?
|
|
|
|
An attacker exploiting an arguments injection vulnerability will be able to add
|
|
arbitrary argument to a system binary call. Depending on the command the
|
|
parameters are added to, this might lead to arbitrary command execution.
|
|
|
|
The impact depends on the access control measures taken on the target system
|
|
OS. In the worst-case scenario, the process runs with root privileges, and
|
|
therefore any OS commands or programs may be affected.
|
|
|
|
Below are some real-world scenarios that illustrate some impacts of an attacker
|
|
exploiting the vulnerability.
|
|
|
|
==== Denial of service and data leaks
|
|
|
|
In this scenario, the attack aims to disrupt the organization's activities and
|
|
profit from data leaks.
|
|
|
|
An attacker could, for example:
|
|
|
|
* download the internal server's data, most likely to sell it
|
|
* modify data, send malware
|
|
* stop services or exhaust resources (with fork bombs for example)
|
|
|
|
This threat is particularly insidious if the attacked organization does not
|
|
maintain a disaster recovery plan (DRP).
|
|
|
|
==== Root privilege escalation and pivot
|
|
|
|
In this scenario, the attacker can do everything described in the previous
|
|
section. The difference is that the attacker also manages to elevate their
|
|
privileges to an administrative level and attacks other servers.
|
|
|
|
|
|
Here, the impact depends on how much the target company focuses on its Defense
|
|
In Depth. For example, the entire infrastructure can be compromised by a
|
|
combination of OS injections and *misconfiguration* of:
|
|
|
|
* Docker or Kubernetes clusters
|
|
* cloud services
|
|
* network firewalls and routing
|
|
* OS access control
|
|
|