GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Was ZDI-CAN-27934.
The flaw lies in the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. This process does not require authorization before exposing its functionality, meaning any remote user can access it without authentication. The lack of access control (CWE-862) enables an attacker to chain this vulnerability with other flaws to escalate privileges to SYSTEM level.
An attacker can bypass authentication mechanisms and — by chaining this vulnerability with other flaws — execute arbitrary code in the SYSTEM account context, gaining full control over the compromised system.
Apply patches available from the vendor according to the references provided. As a temporary security measure, it is recommended to restrict network access to port 8017 (e.g., using a firewall) exclusively to trusted hosts.
GFI Archiver — versions indicated in vendor references (the vulnerability affects installations with the MArc.Core.Remoting.exe process running and listening on port 8017)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HGfi Archiver
APPGfi15.10
Related vulnerabilities
GFI Archiver: Pominięcie autoryzacji w MArc.Store umożliwia RCE jako SYSTEM
GFI Archiver – RCE przez podatną wersję Telerik Web UI
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation o...
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabili...
GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerabil...