GRIMM, a forward-looking cybersecurity organization led by industry experts, today announced they performed dedicated vulnerability research against Beagle Software’s ClockWatch Enterprise time synchronization software and discovered a vulnerability in the software’s remote administration feature. This research stems from GRIMM’s Private Vulnerability Disclosure (PVD) Program where research targets are selected based on extensive threat modeling and our team’s deep background in reverse engineering and vulnerability research.
“We discovered a remote code execution (RCE) vulnerability in Beagle Software’s ClockWatch Enterprise time synchronization software,” said Adam Nichols, Principal of Software Security, GRIMM. “The impact of this vulnerability is that it could allow an unauthenticated, network attacker to escalate privileges (SYSTEM), install malware, or move laterally through a network with 100% reliability and no visual indicators of compromise.”
To mitigate these risks, GRIMM recommends that system administrators block traffic on the target port (TCP/1001) on both host and network firewalls so that only traffic from the designated ClockWatch Enterprise host is allowed. Additionally, GRIMM recommends that organizations pay close attention to “remote administration” features when performing due diligence during procurement.
This bug is significant because any host with this software installed is exploitable by any attacker that can reach the service’s listening port. Additionally, it is expected that the vast majority of installations of this software are running as Windows services, which means that exploitation results in SYSTEM level privileges. Since this is enterprise-grade software, the expectation is that enterprise environments are where most of this software is installed.
This software is used in the Finance, Government, Industrial, Medical, Transportation, Education and Energy sectors, where a complete takeover of machines could have significant consequences. It’s very important to mitigate this vulnerability quickly.
After being informed of the vulnerability Beagle Software removed the product from their website, marking it as being discontinued. It is not clear how many organizations are still using this software.
The security research is done entirely by GRIMM’s internal PVD team. The GRIMM PVD team has decades of experience in the most sensitive environments. Because GRIMM has a strong commitment to partnership, the PVD program welcomes requests to look into specific software or hardware. GRIMM is able to offer this service to a limited, trusted clientele to ensure that the program is used appropriately while the team works with the vendors for patches.
For more information, contact email@example.com.
GRIMM is a forward-thinking cybersecurity organization led by industry experts. The company’s practice demonstrates the impact of security risks and provides the technical solutions to address top risks. GRIMM’s expertise is built on operational experience solving advanced cybersecurity problems. For more, go to www.grimm-co.com.