Advisory ID: RBK-20220705-V0037
Severity: High
Reference: CVE-2022-30984
CVSS Score: 8.4
CVSS Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Action required: Customers running CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 must upgrade to CDM 7.0.2-p2 (or later) immediately

Rubrik places trust as one of our primary values, and we take the protection of our customers’ data very seriously. The Rubrik Security Response Team (RSRT) is responsible for investigating and responding to any potential security vulnerabilities that may impact Rubrik products and services.

Summary
Rubrik recently addressed an elevation of privilege vulnerability in the Rubrik Backup Service (RBS) agent software for Linux and Unix shipped with CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 and 7.0.1-p3. The RBS agent is commonly installed on protected resources and host systems in customer environments to provide enhanced CDM integration. An attacker who successfully exploits this vulnerability may be able to gain root access and execute arbitrary commands on Linux and Unix-based protected resources and/or host systems running an affected version of the RBS agent. A fix for the RBS agent software is included in CDM 7.0.1-p4 and 7.0.2 (and later). Rubrik strongly urges all customers running CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 to upgrade to CDM 7.0.2-p2 (or later) as soon as possible. The updated agent software is deployed to protected resources and host systems automatically during the first backup after the cluster upgrade.

Impact analysis
Upon becoming aware of the vulnerability, Rubrik immediately activated our vulnerability response process to investigate and identify measures to help protect our customers. Rubrik performed a thorough investigation and determined that, while Rubrik CDM clusters themselves cannot be directly exploited through this vulnerability, Linux and Unix-based protected resources and/or host systems in a customer's environment are at risk if they have an affected version of the RBS agent installed. Note that the CVSS vector is local (AV:L): an attacker needs an existing unprivileged foothold on the host, and the vulnerable agent then allows escalation to root on that host.

Am I affected?
Customers are impacted when they have Linux or Unix-based (which includes AIX, Solaris and HP-UX) protected resources and/or host systems in their environment with the RBS agent installed, and those protected resources and/or host systems are protected by a CDM cluster or virtual instance running CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3.

Note: Windows protected resources and/or host systems are not affected. Customers running versions of CDM not listed above are not affected.

Verify the Rubrik CDM software release for each cluster with the About Rubrik option from the Settings menu in the UI or from the Admin CLI by running the version command. The version of CDM running on clusters connected to Polaris can also be verified via the Clusters page in the Polaris UI.
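When many clusters are in play, the version check above is easier to apply as a script over an inventory. The following is an added example written for this advisory, not Rubrik's own code or a Rubrik CLI. It assumes you have copied each cluster's CDM release out of the UI, Admin CLI or Polaris as a string in the "7.0.1-p3" form the advisory uses, together with a count of Linux/Unix hosts carrying the RBS agent; the cluster inventory in the block is constructed sample data. It goes slightly beyond the advisory's yes/no answer by also flagging clusters that already carry the fixed agent (7.0.1-p4, 7.0.2, 7.0.2-p1) but sit below the recommended 7.0.2-p2.

```python
"""Inventory triage for RBK-20220705-V0037 (CVE-2022-30984).

Added example, not Rubrik's code. Version strings are assumed to be in the
"7.0.1-p3" form used in the advisory; SAMPLE_INVENTORY is constructed data.
"""
import re
from typing import NamedTuple

Version = tuple[int, int, int, int]  # (major, minor, patch, p-level)

# CDM releases the advisory lists as shipping the vulnerable Linux/Unix agent.
AFFECTED: frozenset[Version] = frozenset(
    {(7, 0, 1, 0), (7, 0, 1, 1), (7, 0, 1, 2), (7, 0, 1, 3)}
)
# Releases the advisory names as carrying the fixed agent (7.0.1-p4, 7.0.2)
# and the release it tells customers to move to (7.0.2-p2).
FIXED_FROM: tuple[Version, ...] = ((7, 0, 1, 4), (7, 0, 2, 0))
RECOMMENDED: Version = (7, 0, 2, 2)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?$")


def parse_cdm_version(text: str) -> Version:
    """Parse "7.0.1-p3" -> (7, 0, 1, 3); a missing "-pN" suffix is p-level 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised CDM version string: {text!r}")
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch), int(plevel or 0))


class Cluster(NamedTuple):
    name: str
    cdm_version: str
    unix_rbs_hosts: int  # Linux/Unix (incl. AIX, Solaris, HP-UX) hosts with RBS


def triage(cluster: Cluster) -> str:
    """Classify one cluster against the versions named in the advisory."""
    v = parse_cdm_version(cluster.cdm_version)
    if v in AFFECTED:
        if cluster.unix_rbs_hosts > 0:
            return "AT RISK: hosts exposed, upgrade to 7.0.2-p2 or later"
        # The advisory asks even agent-less customers on these releases to
        # upgrade, so an affected release cannot deploy the old agent later.
        return "UPGRADE REQUIRED: affected CDM, no exposed hosts yet"
    if v < RECOMMENDED and any(v >= f for f in FIXED_FROM):
        return "FIXED AGENT: below recommended 7.0.2-p2"
    # Everything else is "not listed above" and therefore not affected.
    return "NOT AFFECTED"


def report(clusters: list[Cluster]) -> dict[str, str]:
    """Map cluster name -> triage status for a whole inventory."""
    return {c.name: triage(c) for c in clusters}


# Constructed sample inventory; replace with your own cluster list.
SAMPLE_INVENTORY = [
    Cluster("dc1-cdm", "7.0.1-p3", unix_rbs_hosts=42),
    Cluster("dc2-cdm", "7.0.1", unix_rbs_hosts=0),
    Cluster("lab-cdm", "7.0.1-p4", unix_rbs_hosts=3),
    Cluster("dr-cdm", "7.0.2-p2", unix_rbs_hosts=17),
    Cluster("legacy-cdm", "6.0.3-p1", unix_rbs_hosts=9),
]

if __name__ == "__main__":
    for name, status in report(SAMPLE_INVENTORY).items():
        print(f"{name:12} {status}")
```

Because the CVSS vector is local, the host count matters: a cluster on an affected release with no Linux/Unix RBS hosts has nothing currently exposed but still needs the upgrade so the vulnerable agent is never pushed out on a later backup.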

Remediation
Rubrik strongly urges all customers running CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 to upgrade to CDM 7.0.2-p2 (or later) as soon as possible. This includes customers who do not have the RBS Linux agent installed on protected resources and/or host systems in their environment. Running CDM 7.0.2-p2 (or later) prevents the possibility of an affected version being deployed in the future.

What action do customers need to take?
Rubrik encourages customers to perform the CDM upgrade from Polaris or the CLI.

  • Polaris: Upgrading from Polaris takes a couple of clicks. From the upper-right corner, click the gear icon and then select CDM upgrades.
  • CLI: Upgrade from the CLI if Polaris GPS is not used to manage CDM clusters.

Where can I locate more information and get help with the upgrade?
For the latest information including technical details regarding this security advisory, please reference RBK-20220705-V0037 on the Rubrik Support Portal. For questions, please open a case with Rubrik Support using one of the following methods.