The Axeda Vulnerability and Lessons Learned

April 14, 2022

In March, a vulnerability that impacts Parametric Technology Corporation’s (PTC) Axeda agent and Axeda Desktop Server was announced. The Cybersecurity and Infrastructure Security Agency (CISA) issued advisory ICSA-22-068-01 stating that the vulnerability is exploitable remotely with low attack complexity, a particularly bad combination. This event serves as an apt moment to reflect on the underlying security deficiencies and what we can learn from them.

What is Axeda and what is the scope of the vulnerability?

Axeda is remote access software typically used in IoT environments. According to Forescout, 54% of Axeda’s userbase are healthcare organizations and the Axeda agent is frequently baked into healthcare devices. The agents are typically used for remote diagnostics.

According to CISA’s 3/31/2022 vulnerability update (update C), since the vulnerability was first announced, the scope of the problem has significantly expanded. Some of the biggest names in healthcare systems are affected by the Axeda vulnerability.

Seven common vulnerabilities and exposures (CVEs), collectively known as “Access:7”, were identified; the most severe of them allows remote code execution (RCE), information disclosure, and denial-of-service (DoS) attacks. The known list of affected devices is significant: it spans over one hundred medical device vendors and thousands of their customers.

What can we learn from these Axeda CVEs?

Let’s explore two of the key CVEs in a bit more detail.

1) CVE-2022-25246 calls out the use of hardcoded credentials in the Axeda UltraVNC installation. This vulnerability has a severity score of 9.8 and introduces the possibility of RCE in the environment. I think we can all agree that hardcoded credentials are a poor security practice. However, the practice is all too common, both in “image-driven” installations and in environments where convenience supersedes security concerns.

2) CVE-2022-25247 could allow file system access or RCE on a target system if an attacker “sends certain commands to a specific port without authentication” (https://www.cisa.gov/uscert/ics/advisories/icsa-22-067-01). In addition to the 9.8 severity score, a few other parts of this CVE present immediate red flags.

One way to attain both security and convenience is to use a password vault. The BeyondTrust Password Safe solution provides password and session management (through a variety of protocol/connectivity options) along with the convenience and security of injected and rotated passwords. When a password is injected into a session, a) the technician (be they internal or a vendor) doesn’t have to know the password, and b) the credential that was used is rotated afterwards. Couple this with an audit log, and there you have it: convenience and security. The usefulness of this functionality extends across the entirety of an organization.
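To make the injection-and-rotation flow concrete, here is a small added model (illustrative code written for this post, not Password Safe or any BeyondTrust API) in which the technician only ever receives an opaque session handle, the connection layer is the only caller that can read the secret, and closing the session rotates the credential and records every step in an audit trail. Account and actor names are constructed.

```python
import secrets
from typing import Dict, List, Tuple


class Vault:
    """Simplified model of vault-brokered access: the technician gets a session
    handle, the connector gets the secret, and every use is logged and rotated."""

    def __init__(self) -> None:
        self._secrets: Dict[str, str] = {}               # account -> current password
        self._sessions: Dict[str, Tuple[str, str]] = {}  # session id -> (actor, account)
        self.audit: List[Tuple[str, str, str]] = []      # (event, actor, account)

    def onboard(self, account: str) -> None:
        """Enrol an account under management with a freshly generated password."""
        self._secrets[account] = secrets.token_urlsafe(24)
        self.audit.append(("onboard", "vault", account))

    def start_session(self, actor: str, account: str) -> str:
        """Return an opaque session id to the technician; the password stays inside."""
        session_id = secrets.token_hex(8)
        self._sessions[session_id] = (actor, account)
        self.audit.append(("inject", actor, account))
        return session_id

    def connector_secret(self, session_id: str) -> str:
        """Only the connection layer (e.g. a protocol proxy) calls this, never the actor."""
        _actor, account = self._sessions[session_id]
        return self._secrets[account]

    def end_session(self, session_id: str) -> None:
        """Close the session and rotate the credential that was exposed to the target."""
        actor, account = self._sessions.pop(session_id)
        self._secrets[account] = secrets.token_urlsafe(24)
        self.audit.append(("rotate", actor, account))
        self.audit.append(("end", actor, account))


def demo() -> dict:
    """Run one constructed vendor session and return what an auditor would verify."""
    vault = Vault()
    account = "svc-diag@infusion-pump-07"                 # constructed account name
    vault.onboard(account)
    sid = vault.start_session("vendor-tech", account)     # technician sees only sid
    used = vault.connector_secret(sid)                    # consumed by the proxy
    vault.end_session(sid)
    rotated = vault._secrets[account]                     # what the account holds now
    return {"session_id": sid, "used": used, "rotated": rotated,
            "events": [event for event, _, _ in vault.audit]}
```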

With BeyondTrust Privileged Remote Access (PRA), a Jumpoint can be set up in remote networks where all that’s required is outbound connectivity from the Jumpoint to the internet. Anyone who’s authorized to connect to remote devices through that Jumpoint must authenticate (via LDAP, RADIUS, Kerberos or SAML), and have appropriate permissions to create protocol tunnels. These permissions also control what ports this traffic can be sent over. Shadowing of these sessions is possible in real-time, and there’s an audit log of the full session to review what occurred (both via text and video).

Modern environments require modern solutions

Here are three areas to modernize your IoT/SCADA environments and improve security:

1. Secure connectivity - Never open ports inbound to endpoints. Alternatively, if ports are open, ensure only a designated bastion host can connect with these devices. An example of this is a BeyondTrust Jumpoint. The Jumpoint (which can be installed on a Windows or Linux host) connects outbound, over port 443, to the BeyondTrust appliance (be it cloud or on-premises) using a TLS 1.3 encrypted tunnel. This type of secure connectivity represents a best practice, as it does not leave the device exposed, nor does it allow leapfrogging from device to device within the network.

2. Identities - Local usernames/passwords and even static Active Directory accounts are no longer sufficient in today’s dynamic environment (if they ever were). BeyondTrust Password Safe allows organizations to define roles, assign access rights, greatly reduce standing privileges, and utilize credentials (both injection and check out/check in) in a way that maximizes security. Additionally, logs are generated when secure access connections occur and any time a credential is used in the system. This ensures not only that you, as an organization, know what is happening, but also that these logs make security audits much simpler.

3. Logging - Speaking of logging, the BeyondTrust PRA solution allows full video to be captured of remote sessions. This applies to both an organization’s internal sessions and those conducted by third parties (vendors, contractors, outsourcers, etc.). The video capture corresponds to a time-stamped text log that shows all activity that occurs during the session. These logs can be standalone, or they can be integrated into systems like ServiceNow for a fuller picture of what happened during a change or incident ticket.
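The bastion-only rule in point 1 is something a defender can verify from existing network logs. The following added example (written for this post; not a BeyondTrust tool) parses constructed firewall log lines and flags any allowed connection that reaches the device subnet from something other than the designated bastion, including device-to-device leapfrogging, as well as any bastion egress outside its 443 tunnel to the appliance. The subnet, bastion and appliance addresses are assumed placeholders.

```python
import ipaddress
import re
from typing import List

# Policy from the post: devices accept inbound connections only from the designated
# bastion (Jumpoint), and the bastion only talks outbound on 443 to the appliance.
ENDPOINT_NET = ipaddress.ip_network("10.30.1.0/24")   # constructed device subnet
BASTION = ipaddress.ip_address("10.20.5.17")           # constructed Jumpoint address
APPLIANCE = ipaddress.ip_address("203.0.113.10")       # constructed appliance address

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def find_violations(lines: List[str]) -> List[str]:
    """Return one finding per allowed log line that breaks the bastion-only policy."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ALLOW":
            continue  # denied traffic was already blocked; malformed lines are skipped
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        dport = int(m["dport"])
        if dst in ENDPOINT_NET and src != BASTION:
            findings.append(f"{m['ts']} inbound to device {dst}:{dport} from non-bastion {src}")
        elif src == BASTION and dst not in ENDPOINT_NET and not (dst == APPLIANCE and dport == 443):
            findings.append(f"{m['ts']} bastion egress to {dst}:{dport} outside the 443 tunnel")
    return findings


# Constructed sample log lines, not captured from any real device.
SAMPLE_LOG = [
    "2022-04-14T09:00:01Z ALLOW TCP 10.20.5.17:50211 -> 203.0.113.10:443",    # tunnel: fine
    "2022-04-14T09:00:05Z ALLOW TCP 10.20.5.17:50212 -> 10.30.1.10:5900",     # bastion to VNC: fine
    "2022-04-14T09:01:10Z ALLOW TCP 192.168.7.44:40000 -> 10.30.1.10:5900",   # direct VNC: violation
    "2022-04-14T09:02:00Z DENY TCP 198.51.100.9:3333 -> 10.30.1.12:3389",     # blocked: ignored
    "2022-04-14T09:03:30Z ALLOW TCP 10.20.5.17:50300 -> 198.51.100.20:22",    # bastion egress: violation
    "2022-04-14T09:04:00Z ALLOW TCP 10.30.1.11:44444 -> 10.30.1.10:5900",     # leapfrog: violation
]

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_LOG):
        print(finding)
```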


Please reach out to sales@beyondtrust.com if you would like to chat about use cases or see a demo of anything discussed in this post.

Adam White, Director, Technical Marketing