CVE-2021-28113 : Security Advisory and Response

A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before version 2020.9.3 allows attackers with admin access to the Okta Access Gateway UI to execute OS commands as a privileged system account.

Understanding CVE-2021-28113

This vulnerability affects Okta Access Gateway before version 2020.9.3, enabling attackers to execute OS commands with elevated privileges.

What is CVE-2021-28113?

CVE-2021-28113 is a command injection vulnerability in Okta Access Gateway that allows attackers with admin access to execute OS commands as a privileged system account.

The Impact of CVE-2021-28113

The impact of this vulnerability is rated as high, with a CVSS base score of 6.7. It poses a risk to the confidentiality and integrity of affected systems.

Technical Details of CVE-2021-28113

This section provides detailed technical information about the vulnerability.

Vulnerability Description

The vulnerability lies in the cookieDomain and relayDomain parameters of Okta Access Gateway, allowing for the execution of arbitrary OS commands.

Affected Systems and Versions

Okta Access Gateway versions before 2020.9.3 are affected by this vulnerability.

Exploitation Mechanism

Attackers with admin access to the Okta Access Gateway UI can exploit this vulnerability to run malicious OS commands.

Mitigation and Prevention

To protect systems from CVE-2021-28113, immediate actions should be taken.

Immediate Steps to Take

Upgrade Okta Access Gateway to version 2020.9.3 or later.
Limit admin access to minimize the risk of exploitation.

Long-Term Security Practices

Implement the principle of least privilege and regularly review system logs for suspicious activities.

Patching and Updates

Regularly monitor security advisories from Okta and apply patches promptly to mitigate known vulnerabilities.