Xerox DocuShare Bugs Allowed Data Leaks

  • CISA warns that the leading business document management system is open to attack and urges companies to apply fixes.

    Xerox issued a fix for two vulnerabilities affecting its market-leading DocuShare enterprise document management platform. The bugs, if exploited, could expose DocuShare users to an attack resulting in the loss of sensitive data.

    On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) issued a security bulletin urging users and administrators to apply a patch that plugged two security holes in recently released versions (6.6.1, 7., and 7.5) of Xerox’s DocuShare. The vulnerability is rated critical.

    Tracked as CVE-2020-27177, the vulnerabilities expose Solaris, Linux and Windows DocuShare users to both a server-side request forgery (SSRF) attack and an unauthenticated external XML entity injection (XXE) attack, Xerox explained. Xerox issued its security advisory (XRX20W) on November 30.

    Xerox did not share the details of the bugs or probable attack scenarios. In its “Mini Bulletin” it provided links to hotfix tarball files addressing the bugs in affected versions of Solaris, Linux and Windows DocuShare.

    However, a hotfix for the Solaris version of DocuShare 7.5 is not available. Xerox did not return press inquiries ahead of the publication of this news article.

    Potential Threat Vectors

    An SSRF vulnerability would allow an attacker to abuse functionality on a server hosting the software-as-a-service (SaaS) DocuShare. A successful SSRF attack typically allows an adversary to read or update internal resources.

    “The attacker can supply or modify a URL which the code running on the server will read or submit data to, and by carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like http enabled databases or perform post requests towards internal services which are not intended to be exposed,” according to an OWASP Foundation description of an SSRF attack.
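The OWASP description above names the destinations an SSRF abuses: cloud metadata and internal services. As an added example (not code from Xerox, DocuShare or the original article), here is one way a server can vet a user-supplied URL before fetching it; the function names, the `FAKE_DNS` table and its hostnames and addresses are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed name-to-address table standing in for DNS so the example runs offline.
FAKE_DNS = {
    "docs.example.com": {"93.184.216.34"},
    "metadata.rebind.example": {"169.254.169.254"},  # public name, internal target
    "2130706433": {"127.0.0.1"},                     # decimal spelling of loopback
}

def fake_resolver(host):
    if host not in FAKE_DNS:
        raise OSError("unknown host")
    return FAKE_DNS[host]

def resolve_all(host):
    """Real resolver: every address the name maps to (needs network access)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_internal(addr):
    """True for loopback, private, link-local (cloud metadata) and other non-public ranges."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped:  # unwrap ::ffff:a.b.c.d
        ip = ip.ipv4_mapped
    return not ip.is_global

def check_outbound_url(url, resolver=resolve_all):
    """Return (allowed, reason) for a user-supplied URL the server is about to fetch."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        addrs = {host}                      # literal IP, no lookup needed
    except ValueError:
        try:
            addrs = set(resolver(host))
        except OSError:
            return False, "host does not resolve"
    blocked = sorted(a for a in addrs if is_internal(a))
    if blocked:
        return False, "internal address: " + ", ".join(blocked)
    return (True, "ok") if addrs else (False, "host does not resolve")
```

A check like this only holds if the fetch then connects to the address that was validated and re-runs the check on every redirect; otherwise a second DNS lookup or a redirect can still land on an internal host.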

    An XXE is a type of attack against an application that parses XML input. “This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser,” OWASP describes.

    A successful XXE attack would allow a cybercriminal to gain access to confidential data and could also facilitate attacks that include: “denial of service, server side request forgery and port scanning from the perspective of the machine where the parser is located,” according to OWASP.

    Bug hunter Julien Ahrens (@MrTuxracer) is credited with finding the bug and bringing it to Xerox’s attention.

    Xerox DocuShare is an enterprise document management system used by mid-sized and large organizations. The document management system market, worth $41.65 billion in 2019, is dominated by companies such as Xerox, IBM, Oracle and OpenText.
