
[Vulnerability notice] NetSarang Xmanager and Xshell with backdoor program installed

Last Updated: Apr 02, 2018

NetSarang is a security connectivity solution provider, which provides the Xmanager Enterprise, Xmanager, Xshell, Xftp, and Xlpd remote connection management client products. These products are mainly used by IT O&M engineers to perform remote O&M.

Recently, it was detected that the nssock2.dll module in the officially released software versions contained a backdoor program. Because this software is widely used by technical personnel, the vulnerability poses a security risk.

The latest version, Xshell 5 Build 1326, was released and updated on August 5, 2017. We recommend that you run a virus scan on the entire disk and upgrade the software to the latest version.

See the following for more information about the vulnerability.


CVE identifier

None

Vulnerability name

NetSarang Xmanager and Xshell with backdoor program installed

Vulnerability rating

High

Vulnerability description

The nssock2.dll module in the Xmanager or Xshell installation directory contains the backdoor program, which may steal sensitive information from the affected hosts.

Condition and method of exploitation

This vulnerability can be exploited locally.

Affected scope

  • Xmanager Enterprise 5.0 Build 1232
  • Xmanager 5.0 Build 1045
  • Xshell 5.0 Build 1322
  • Xftp 5.0 Build 1218
  • Xlpd 5.0 Build 1220

Vulnerability detection

  • Check whether any affected version is used on the computer.

  • Run the antivirus software to scan and terminate the virus process.
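The first detection step can be run over a software inventory export instead of host by host. The following is an added example, not part of the original notice: the affected builds are taken from the list above, while the two inventory line formats (`<name> 5.0 Build 1322` and `<name>,5.0.1322`), the sample lines, and the function names are assumptions.

```python
import re

# Affected builds exactly as listed in this notice: product -> (version, build).
AFFECTED = {
    "xmanager enterprise": ("5.0", 1232),
    "xmanager": ("5.0", 1045),
    "xshell": ("5.0", 1322),
    "xftp": ("5.0", 1218),
    "xlpd": ("5.0", 1220),
}

# Assumed inventory formats: "<name> 5.0 Build 1322" or "<name>,5.0.1322".
ENTRY = re.compile(
    r"^\s*(?P<name>.+?)\s*[, ]\s*(?P<ver>\d+\.\d+)"
    r"(?:\.|\s+build\s+)(?P<build>\d+)\s*$",
    re.IGNORECASE,
)

def classify(line):
    """Return (product, build, affected) for a NetSarang entry, else None."""
    m = ENTRY.match(line)
    if not m:
        return None
    # Drop a trailing major-version digit ("Xshell 5") and normalise spacing.
    name = " ".join(re.sub(r"\s+\d+$", "", m["name"]).lower().split())
    # Exact lookup, so "Xmanager Enterprise" is never judged by the
    # plain "Xmanager" build number (and vice versa).
    if name not in AFFECTED:
        return None
    build = int(m["build"])
    return name, build, (m["ver"], build) == AFFECTED[name]

def scan(lines):
    """Return the (product, build) pairs that match an affected build."""
    hits = []
    for line in lines:
        result = classify(line)
        if result and result[2]:
            hits.append(result[:2])
    return hits

# Constructed sample inventory, for illustration only.
SAMPLE = [
    "Xshell 5.0 Build 1322",
    "Xshell 5,5.0.1326",
    "Xmanager Enterprise 5,5.0.1232",
    "Xmanager 5.0 Build 1232",
    "Xftp,5.0.1218",
    "PuTTY,0.70.0",
]

if __name__ == "__main__":
    for product, build in scan(SAMPLE):
        print(f"AFFECTED: {product} build {build}")
```

A hit only means the installed build is on the affected list; the host still needs the antivirus scan and the remediation steps below.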

How to fix or mitigate

  • Install antivirus software, update the antivirus database, run a virus scan on the entire disk, and change the operating system account password.

  • Upgrade the software to the latest version released on the official website.

  • Check whether the vulnerability exists in the Xshell module of the bastion host.

  • Check whether Xmanager or Xshell is installed on the server. If so, uninstall it.

  • Do not download software programs from non-official websites.

Reference

[1]. https://www.netsarang.com/news/security_exploit_in_july_18_2017_build.html
