CVE-2020-36911
Covenant · Covenant
Covenant versions 0.1.3 through 0.5 are vulnerable to remote code execution via forged JWT tokens, allowing attackers to upload and execute arbitrary malicious DLL payloads.
Executive summary
A critical remote code execution vulnerability in Covenant allows unauthenticated attackers to gain administrative control by forging JWT tokens.
Vulnerability
This vulnerability involves improper validation of JSON Web Tokens (JWT). An unauthenticated attacker can craft tokens with administrative privileges to bypass authentication and upload custom DLLs to achieve arbitrary command execution.
Business impact
The ability to execute arbitrary code with administrative privileges presents an extreme risk to organizational security. A successful exploit could lead to full system compromise, exfiltration of sensitive data, and unauthorized persistence within the network, justifying the 9.8 CVSS score.
Remediation
Immediate Action: Upgrade to the latest version of Covenant immediately to resolve the JWT validation flaw. If an update is not available, isolate affected instances from public-facing networks.
Proactive Monitoring: Review system logs for unauthorized administrative logins and inspect the file system for suspicious DLL files in application directories.
Compensating Controls: Deploy a Web Application Firewall (WAF) to inspect and block malformed JWT tokens or unexpected administrative requests to the application.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Given the severity of this remote code execution flaw, organizations must prioritize patching. Failure to remediate could result in a total compromise of the host system.