Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064)
Description
Kramer VIAware contains an unauthenticated arbitrary file upload vulnerability (CVE-2021-36356/CVE-2021-35064) that allows remote attackers to upload files without authentication. This vulnerability can be exploited to upload malicious executable files, such as PHP web shells, leading to complete system compromise through remote code execution.
Remediation
1. Immediately upgrade Kramer VIAware to the latest patched version that addresses CVE-2021-36356 and CVE-2021-35064.
2. If immediate patching is not possible, implement the following temporary mitigations:
- Restrict network access to the VIAware application using firewall rules or network segmentation
- Place the application behind a Web Application Firewall (WAF) configured to block file upload attempts to vulnerable endpoints
- Monitor web server logs for suspicious file upload activity and unexpected PHP file creation
3. After patching, conduct a security audit to identify any unauthorized files that may have been uploaded prior to remediation.
4. Review and harden file upload functionality by implementing proper input validation, file type restrictions, and storing uploaded files outside the web root directory.