CVE-2021-34539
Description
An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users can trigger code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A lack of validation in CubeCoders AMP's Java Version setting before 2.1.1.8 allows high-privileged users to set arbitrary executable paths, enabling code execution.
Vulnerability
CubeCoders AMP versions before 2.1.1.8 do not sufficiently validate the Java Version setting [1]. The setting is intended to control which Java binary is used, but the supplied path is not checked, so a non-default executable, at any file system path, can be specified [1].
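A server-side check of the kind whose absence is described above, written as an added Python example; it is not AMP's code and not the fix shipped in 2.1.1.8. The allowlisted roots and the names `validate_java_path` and `InvalidJavaPath` are hypothetical.

```python
import os
from pathlib import Path

# Assumed install roots for Java runtimes (hypothetical values). They must not be
# writable by anyone who can edit the setting, or the allowlist means nothing.
ALLOWED_JAVA_ROOTS = (Path("/usr/lib/jvm"), Path("/opt/java"))
ALLOWED_NAMES = {"java", "java.exe"}


class InvalidJavaPath(ValueError):
    """Raised when a submitted Java path fails server-side validation."""


def _inside(path: Path, root: Path) -> bool:
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def validate_java_path(submitted: str, roots=ALLOWED_JAVA_ROOTS) -> Path:
    """Return the canonical path to launch, or raise InvalidJavaPath."""
    if not submitted or "\x00" in submitted:
        raise InvalidJavaPath("empty or malformed value")
    candidate = Path(submitted)
    if not candidate.is_absolute():
        raise InvalidJavaPath("path must be absolute")
    try:
        # Collapse ".." and follow symlinks before any comparison.
        real = candidate.resolve(strict=True)
    except (OSError, RuntimeError) as exc:
        raise InvalidJavaPath("path does not resolve to an existing file") from exc
    if not any(_inside(real, r.resolve()) for r in roots):
        raise InvalidJavaPath("resolved path is outside the allowed Java roots")
    if real.name not in ALLOWED_NAMES:
        raise InvalidJavaPath("resolved file is not named like a Java launcher")
    if not real.is_file() or not os.access(real, os.X_OK):
        raise InvalidJavaPath("resolved path is not an executable file")
    return real


if __name__ == "__main__":
    # Constructed inputs: a relative name, a traversal attempt, an unrelated binary.
    for value in ("java", "/usr/lib/jvm/../../bin/sh", "/bin/sh"):
        try:
            print(value, "->", validate_java_path(value))
        except InvalidJavaPath as err:
            print(value, "-> rejected:", err)
```

The check runs on the value the server receives, so it holds regardless of what the settings form offers in the browser, and the process should launch the returned canonical path rather than the submitted string.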
Exploitation
An attacker with high-privileged access (e.g., admin-level users who can modify instance settings) can exploit this by using a browser's Inspect Element tool to alter the Java Version field to a path to a malicious executable [1]. No additional authentication bypass is required because the attacker already has sufficient privileges to edit AMP settings [1]. The exploit does not require any race condition or user interaction beyond the attacker's own actions [1].
Impact
Successful exploitation allows the attacker to execute arbitrary code on the server with the privileges of the AMP process [1]. This can lead to full compromise of the host system, although instances running inside Docker are not affected as the execution would be confined to the container [1]. The impact is potentially high, but the risk is considered low because only already high-privileged users can trigger the issue [1].
Mitigation
A fix was released on the same day as the report (10/06/2021) and is included in AMP version 2.1.1.8 [1]. All users should upgrade to this version or later. For instances running inside Docker, the impact is limited, but upgrading is still recommended [1]. No workarounds beyond upgrading are documented in the available references [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CubeCoders/AMP
- Range: < 2.1.1.8
References
- [1] github.com/CubeCoders/AMP/issues/464 (mitre, x_refsource_MISC)