A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker.
The vulnerability results from improper identity verification (CWE-290) and reliance on untrusted input when making security decisions (CWE-807). The SparkView application incorrectly verifies whether the connection originates from the localhost, allowing a network attacker to spoof or bypass this control mechanism. After successfully bypassing the verification, the attacker can achieve arbitrary code execution on the server side with the highest system privileges (root).
An attacker can take full control of the server by executing arbitrary code with root privileges, resulting in the ability to read and modify all data, install backdoors, and perform further lateral movement in the victim's infrastructure.
Remote Spark SparkView must be immediately updated to build 1122 or later. Detailed information is available in the vendor's references at https://www.remotespark.com/view/new.html. Until the patch is deployed, it is recommended to restrict access to the SparkView service at the firewall level to trusted IP addresses only.
Remote Spark SparkView in all versions prior to build 1122.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X