CVE-2021-41594 in Archerinfo

Summary

by MITRE • 03/30/2022

In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieves access to the precluded functions.


Analysis

by VulDB Data Team • 04/01/2022

CVE-2021-41594 is a critical authorization bypass in RSA Archer 6.9.SP1 P3 that undermines the application's access control mechanisms. The weakness lies in the internal TaskPermissions/CheckTaskAccess API endpoint, which acts as the gatekeeper that decides whether a user may use a given function. The root cause is inadequate input validation and authorization checking at the API layer: the system does not verify the integrity of request parameters before granting access to restricted functionality.

Exploitation is a straightforward intercept-and-modify attack that abuses the application's trust in API request parameters. When an administrator precludes certain application functions, the system relies on parameter validation in the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint to enforce the restriction. An attacker who intercepts a legitimate request and replaces the relevant parameters with empty or null values bypasses the intended authorization check and gains access to functions that should be restricted by user role and permissions, a direct violation of the principle of least privilege.
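To make the failure mode concrete, the following added example (written for this page, not RSA Archer code) models a task-access check that fails open when the task or role parameter is empty, beside a fail-closed version that takes identity and role from the server-side session and treats an empty task identifier as an authorization failure. All names (TaskAccessRequest, check_task_access_vulnerable, check_task_access_hardened, the task identifiers and session tokens) are hypothetical and constructed for illustration.

```python
"""Constructed model of an authorization check that fails open on empty
parameters, beside a fail-closed version. Not RSA Archer code; every name
and value here is hypothetical."""
from dataclasses import dataclass
from typing import Optional

# Constructed policy: tasks an administrator has precluded for each role.
PRECLUDED_TASKS = {
    "analyst": {"export_reports", "manage_users"},
    "admin": set(),
}

# Constructed allow-list of task identifiers the application knows about.
KNOWN_TASKS = {"view_dashboard", "export_reports", "manage_users"}

# Constructed server-side session store: session token -> (user id, role).
SESSIONS = {
    "sess-analyst": ("u1001", "analyst"),
    "sess-admin": ("u0001", "admin"),
}


@dataclass
class TaskAccessRequest:
    """The fields a client can send; everything but the session token is
    attacker-controlled once the request is intercepted."""
    session: str
    user_id: Optional[str]
    task_id: Optional[str]
    role: Optional[str]


def check_task_access_vulnerable(req: TaskAccessRequest) -> bool:
    """Fail-open check: trusts the client-supplied role and treats an empty
    task or role as 'nothing to restrict', so the precluded-task lookup is
    skipped and access is granted."""
    if not req.task_id or not req.role:
        return True
    return req.task_id not in PRECLUDED_TASKS.get(req.role, set())


def check_task_access_hardened(req: TaskAccessRequest) -> bool:
    """Fail-closed check: identity and role come only from the server-side
    session; an unknown session, an empty or unknown task identifier, or an
    unknown role is denied rather than treated as unrestricted."""
    session = SESSIONS.get(req.session)
    if session is None:
        return False
    _user_id, role = session  # client-supplied user_id/role are ignored
    task_id = (req.task_id or "").strip()
    if not task_id or task_id not in KNOWN_TASKS:
        return False  # empty or malformed parameter -> authorization failure
    if role not in PRECLUDED_TASKS:
        return False  # no policy for this role -> deny by default
    return task_id not in PRECLUDED_TASKS[role]


if __name__ == "__main__":
    legit = TaskAccessRequest("sess-analyst", "u1001", "export_reports", "analyst")
    blanked = TaskAccessRequest("sess-analyst", "", "", "")
    for name, check in (("vulnerable", check_task_access_vulnerable),
                        ("hardened", check_task_access_hardened)):
        print(f"{name}: legit={check(legit)} blanked={check(blanked)}")
```

The hardened version shows the two changes that matter: the authorization subject is derived from the session rather than the request body, and every path where a parameter is missing, empty or unrecognised ends in a denial instead of a grant.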

The operational impact extends beyond simple unauthorized access, because the bypassed checks can enable actions that compromise the integrity and confidentiality of the whole RSA Archer platform. Since the bypass affects core administrative functions and task permissions, threat actors could escalate their privileges, access sensitive data, modify critical system configurations, or disrupt business processes that depend on the application's security controls. The vulnerability is particularly concerning because it operates at the internal API level, which makes it hard to detect through standard network monitoring and may let attackers remain undetected while performing malicious activity. This authorization bypass maps to CWE-285 (improper authorization) and violates the principle that access controls should be enforced at multiple layers of the application architecture.

Organizations running RSA Archer 6.9.SP1 P3 should implement immediate mitigations: comprehensive API request validation, enhanced monitoring of internal API endpoints, and strict enforcement of parameter integrity checks. The recommended approach is robust input validation of every parameter received by the TaskPermissions/CheckTaskAccess endpoint, so that empty or malformed parameters trigger an authorization failure rather than a grant. Network segmentation and API gateway controls should monitor and restrict access to internal endpoints, and regular security audits should verify that authorization controls behave correctly. The vulnerability demonstrates the importance of maintaining strong access controls at every level of the application architecture, as highlighted by ATT&CK technique T1078, which covers valid accounts and privilege escalation. Logging and alerting around internal API calls will help detect anomalous access patterns that may indicate exploitation attempts, and security updates and patches should be applied regularly to address similar authorization bypass vulnerabilities that may exist in other components of the RSA Archer platform.
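The monitoring recommendation above can be turned into a concrete detection. The following added example (written for this page, not VulDB or RSA Archer code) scans a constructed audit log of API calls and flags requests to the CheckTaskAccess endpoint whose required parameters are empty, or whose claimed user identity differs from the authenticated session user, then aggregates findings per user. The log format, the parameter names taskId and userId, and all user identifiers are assumptions made for the example; a real deployment would adapt the parser to its own gateway or application log.

```python
"""Detection over a constructed API audit log for empty-parameter and
identity-mismatch requests to the task-access check endpoint. The log
format, parameter names and user ids are hypothetical."""
from collections import Counter

ENDPOINT = "/api/V2/internal/TaskPermissions/CheckTaskAccess"
REQUIRED_PARAMS = ("taskId", "userId")  # hypothetical parameter names

# Constructed log lines (not real Archer output), one request per line:
# timestamp|authenticated_user|method|path|form_params|status
SAMPLE_LOG = """\
2022-03-30T10:00:01Z|u1001|POST|/api/V2/internal/TaskPermissions/CheckTaskAccess|taskId=export_reports;userId=u1001|403
2022-03-30T10:00:05Z|u1001|POST|/api/V2/internal/TaskPermissions/CheckTaskAccess|taskId=;userId=|200
2022-03-30T10:00:09Z|u1001|POST|/api/V2/internal/TaskPermissions/CheckTaskAccess|taskId=manage_users;userId=u0001|200
2022-03-30T10:00:12Z|u0001|GET|/api/V2/core/content/1234|-|200
2022-03-30T10:00:20Z|u1001|POST|/api/V2/internal/TaskPermissions/CheckTaskAccess|taskId=;userId=u1001|200
2022-03-30T10:00:25Z|u0001|POST|/api/V2/internal/TaskPermissions/CheckTaskAccess|taskId=manage_users;userId=u0001|200
"""


def parse_params(raw: str) -> dict:
    """Split 'k1=v1;k2=v2' into a dict; '-' means the request had no body."""
    params = {}
    if raw == "-":
        return params
    for pair in raw.split(";"):
        key, _, value = pair.partition("=")
        params[key] = value
    return params


def analyze(log_text: str) -> list:
    """Return one finding per suspicious CheckTaskAccess request, each with
    the reasons it was flagged."""
    findings = []
    for line in log_text.splitlines():
        ts, user, _method, path, raw_params, status = line.split("|")
        if path != ENDPOINT:
            continue
        params = parse_params(raw_params)
        reasons = []
        # Empty or missing required parameters: the pattern this CVE abuses.
        missing = [p for p in REQUIRED_PARAMS if not params.get(p, "").strip()]
        if missing:
            reasons.append("empty parameters: " + ",".join(missing))
        # Claimed identity in the body differs from the authenticated user.
        claimed = params.get("userId", "")
        if claimed and claimed != user:
            reasons.append(f"userId {claimed} does not match session user {user}")
        if reasons:
            findings.append({"ts": ts, "user": user, "status": status,
                             "reasons": reasons})
    return findings


def users_over_threshold(findings: list, threshold: int = 2) -> dict:
    """Users with at least `threshold` flagged requests, for alerting."""
    counts = Counter(f["user"] for f in findings)
    return {u: n for u, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    hits = analyze(SAMPLE_LOG)
    for hit in hits:
        print(hit["ts"], hit["user"], hit["status"], "; ".join(hit["reasons"]))
    print("repeat offenders:", users_over_threshold(hits))
```

A 200 response on a request whose required parameters are empty is the strongest signal in this log: a correctly fail-closed endpoint would answer such a request with an authorization failure, so a success status alongside the empty-parameter finding is worth an immediate alert rather than a threshold-based one.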

Reservation: 09/24/2021

Disclosure: 03/30/2022

Moderation: accepted

CPE: ready

EPSS: 0.00754

KEV: no

Activities: very low
