Critical Vulnerability in Apex Central Allows Remote Code Execution
An important security flaw has been identified in the Apex Central management server, potentially allowing attackers to remotely execute code without requiring login credentials. Erik Avakian, a technical counselor at Info-Tech Research Group, explains that a background service within the server improperly handles network messages, creating a critical vulnerability.
The flaw lies in the service’s ability to load Windows DLLs without validating their source. An attacker can host a malicious DLL on a remote network and instruct Apex Central to load it. The server then retrieves and executes the code, granting the attacker a high level of privilege within the corporate software environment.
“They simply can host a malicious DLL somewhere they control and instruct Apex Central to load it,” explains Avakian. “Because of the flaw, Apex Central reaches out and loads the DLL itself, effectively pulling in and executing the attacker’s code without checking who asked.”
This attack is particularly dangerous because it doesn’t require the attacker to log in or upload files to the server. If the server is exposed and unpatched, it is susceptible to complete remote takeover. Organizations using Apex Central are strongly advised to apply any available security patches promptly to mitigate this risk.
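The missing control described above is a check on where a requested DLL comes from before it is loaded. The following is an added example, not code from the vendor or the article: a C sketch of such a source check, where `dll_path_is_trusted`, `ALLOWED_DIR` and the sample paths are hypothetical names and constructed values.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical install directory (assumption); must end with a separator. */
#define ALLOWED_DIR "C:\\Program Files\\ExampleMgmt\\modules\\"

/* Case-insensitive prefix match; '/' and '\\' count as the same separator. */
static int prefix_ieq(const char *s, const char *prefix) {
    for (; *prefix; s++, prefix++) {
        char a = (*s == '/') ? '\\' : (char)tolower((unsigned char)*s);
        char b = (*prefix == '/') ? '\\' : (char)tolower((unsigned char)*prefix);
        if (a != b) return 0;
    }
    return 1;
}

/* Returns 1 only for a local, absolute path to a .dll inside allowed_dir. */
int dll_path_is_trusted(const char *path, const char *allowed_dir) {
    size_t n, i;
    if (!path || !allowed_dir) return 0;
    n = strlen(path);
    if (n < 8 || n > 259) return 0;       /* shortest form is "C:\x.dll" */
    /* Require "<drive>:\" at the start. This rejects UNC paths
     * (\\host\share\...), \\?\ and \\.\ device forms, and bare file names
     * that would be resolved through the DLL search order. */
    if (!isalpha((unsigned char)path[0]) || path[1] != ':' ||
        (path[2] != '\\' && path[2] != '/')) return 0;
    for (i = 2; i < n; i++) {
        if (path[i] == ':') return 0;                        /* stream syntax */
        if (path[i] == '.' && path[i + 1] == '.') return 0;  /* traversal */
    }
    if (!prefix_ieq(path + n - 4, ".dll")) return 0;
    return prefix_ieq(path, allowed_dir);
}

int main(void) {
    /* Constructed sample requests; 203.0.113.10 is a documentation address. */
    const char *samples[] = {
        "C:\\Program Files\\ExampleMgmt\\modules\\report.dll",
        "\\\\203.0.113.10\\share\\module.dll",
        "C:\\Program Files\\ExampleMgmt\\modules\\..\\..\\..\\Temp\\x.dll",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-70s %s\n", samples[i],
               dll_path_is_trusted(samples[i], ALLOWED_DIR) ? "load" : "refuse");
    return 0;
}
```

A string check like this is one layer only: a drive letter can be mapped to a network share, so a loader would also need to confirm the volume is local, and the service would still need to authenticate whoever sent the request.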