Defining RCE
Remote code execution or RCE, also known as arbitrary code execution, is a type of cyberattack. This can affect a person regardless of the location of the device. It allows an attacker to remotely execute malicious code on another person’s computer or device. An RCE vulnerability can have various consequences, ranging from malware execution to a cyber attacker gaining full control over a device.
RCE threats
Remote code execution attacks can be used for several objectives:
- A first possible attacker objective is to achieve initial access so that malware can be installed.
- A second objective can be to use data-stealing malware to extract valuable data.
- A third possible threat is to deny a service. If an attacker runs code on the system hosting the vulnerable application, this can result in the disruption of operations.
- Another common goal is to exploit RCE vulnerabilities for crypto-mining purposes.
- A last possible objective is the deployment and execution of ransomware to deny users access to their files until a ransom is paid.
Different ways to achieve RCE
- Injection attacks: Many applications use user-provided data as input to a command. During an injection attack, an attacker uses malformed input. This causes the application to interpret part of the input as the command. Consequently, the attacker can shape the commands or execute arbitrary code.
- Deserialization attacks: Serialization combines several pieces of data into a single string, thus making it easier to transmit. Attackers include specially formatted user input in this data, causing the deserialization program to interpret it as executable code.
- Out-of-bounds write: Applications store data, but when memory allocation is performed incorrectly, attackers see it as an opportunity to design input that writes outside of the allocated buffer. Executable code is also stored in memory, which means that user-provided data written in the right place could be executed by the application.
Examples of RCE attacks
In December 2021, multiple RCE vulnerabilities were discovered in Log4j, a popular Java logging library. Attackers exploited vulnerable applications to run cryptojackers and other malware. A second remote code execution example is the computer exploit EternalBlue. The WannaCry ransomware used this exploit and became widespread due to a vulnerability in the Server Message Block Protocol. Attackers were able to execute malicious code and run ransomware.
Other examples of RCE targets that are subject to attack are:
- Log4j Vulnerable Software
- Critical VMware vCenter Server Vulnerabilities
- SonicWall VPN Vulnerabilities
- PrintNightmare Bugs
- Chrome and Firefox Vulnerabilities
- Veeam Backup and Replication Vulnerabilities
How to prevent RCE attacks
To prevent RCE attacks, you first and foremost need a reliable way of monitoring your network. This means you need to monitor both the network traffic and each of its endpoints. A web application firewall (WAF) can be a time-saving solution to monitor network traffic for suspicious content. However, WAF lacks the background information from the endpoints, which means that the traffic analysis will never be perfect. This is where the IT recognition and discovery solution of Lansweeper comes in.
How to detect RCE vulnerabilities and prevent RCE attacks
Lansweeper automatically scans your entire network, regardless of asset type or location, and provides you with an airtight foundation for your IT security. After all, you cannot protect what you don’t know you have. IT discovery should always be the first step to any cybersecurity strategy. Lansweeper’s AI-powered asset recognition and discovery solution runs automatically to ensure that you have a complete asset inventory at all times. We also provide an extensive report library that includes many pre-configured and user-made vulnerability audits. You can even create custom reports to scan for more specific information.
In the Lansweeper report library, you can find RCE vulnerability audits like:
- Veeam Backup & Replication RCE Vulnerabilities Audit
- Zoom Vulnerabilities Audit
- iTerm 2 Vulnerability Audit
- Log4J Vulnerable software Audit
- And many more
How to limit the damage of an RCE attack
If an attacker does gain access, make sure to limit their ability to move through the network. You can do so by implementing network segmentation. Lansweeper is a great solution to help you manage your network segmentation and limit the damage of an RCE attack because it gives you 100% visibility of your entire IT environment, regardless of the number of sub-networks you have.
Vulnerability Updates & Security Reports
Receive the latest Vulnerability Reports for FREEn
Count Me In
