CVE-2020-36911

Covenant · Covenant

Covenant versions 0.1.3 through 0.5 are vulnerable to remote code execution via forged JWT tokens, allowing attackers to upload and execute arbitrary malicious DLL payloads.

Executive summary

A critical remote code execution vulnerability in Covenant allows unauthenticated attackers to gain administrative control by forging JWT tokens.

Vulnerability

This vulnerability involves improper validation of JSON Web Tokens (JWT). An unauthenticated attacker can craft tokens with administrative privileges to bypass authentication and upload custom DLLs to achieve arbitrary command execution.

Business impact

The ability to execute arbitrary code with administrative privileges presents an extreme risk to organizational security. A successful exploit could lead to full system compromise, exfiltration of sensitive data, and unauthorized persistence within the network, justifying the 9.8 CVSS score.

Remediation

Immediate Action: Upgrade to the latest version of Covenant immediately to resolve the JWT validation flaw. If an update is not available, isolate affected instances from public-facing networks.

Proactive Monitoring: Review system logs for unauthorized administrative logins and inspect the file system for suspicious DLL files in application directories.

Compensating Controls: Deploy a Web Application Firewall (WAF) to inspect and block malformed JWT tokens or unexpected administrative requests to the application.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the severity of this remote code execution flaw, organizations must prioritize patching. Failure to remediate could result in a total compromise of the host system.