CVE-2021-29655
📋 TL;DR
CVE-2021-29655 is a critical vulnerability in Pexip Infinity Connect that allows execution of untrusted code due to missing provisioning authenticity checks. Attackers can exploit this to run arbitrary code on affected systems. All organizations using vulnerable versions of Pexip Infinity Connect are affected.
💻 Affected Systems
- Pexip Infinity Connect
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to execute arbitrary code, steal sensitive data, deploy ransomware, or pivot to other network resources.
Likely Case
Remote code execution leading to data exfiltration, installation of backdoors, or disruption of video conferencing services.
If Mitigated
Limited impact if network segmentation isolates Pexip systems and strict access controls are in place.
🎯 Exploit Status
CVSS 9.8 indicates trivial exploitation without authentication. No public exploit code has been released.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.8.0 and later
Vendor Advisory: https://docs.pexip.com/admin/security_bulletins.htm
Restart Required: Yes
Instructions:
1. Download Pexip Infinity Connect version 1.8.0 or later from official sources. 2. Backup current configuration. 3. Install the updated version following vendor documentation. 4. Restart the Pexip Infinity Connect service. 5. Verify the update was successful.
🔧 Temporary Workarounds
Network Segmentation
allIsolate Pexip Infinity Connect systems from untrusted networks and restrict access to authorized users only.
Access Control Lists
allImplement strict firewall rules to limit inbound connections to Pexip Infinity Connect systems.
🧯 If You Can't Patch
- Immediately isolate affected systems from production networks and internet access.
- Implement strict network segmentation and monitor all traffic to/from Pexip systems for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Check the Pexip Infinity Connect version in the administration interface or via system logs. Versions below 1.8.0 are vulnerable.Check Version:
Check the Pexip Infinity Connect web interface or consult system documentation for version verification commands specific to your deployment.Verify Fix Applied:
Verify the version shows 1.8.0 or higher in the administration interface and check that all services are running normally.📡 Detection & Monitoring
Log Indicators:
- Unusual provisioning requests
- Unexpected process execution
- Authentication failures from unknown sources
- System configuration changes
Network Indicators:
- Unusual outbound connections from Pexip systems
- Suspicious inbound traffic to provisioning ports
- Traffic patterns inconsistent with normal usage
SIEM Query:
source="pexip*" AND (event_type="provisioning" OR event_type="system_change") AND status="unexpected"