3rd Party Risk Management , Governance & Risk Management

Third Party Zero-Day Bug Exploited in Rackspace Systems

Rackspace Scrambles to Patch Zero Day Dashboard Bug
Third Party Zero-Day Bug Exploited in Rackspace Systems
ScienceLogic said it developed a patch to fix a zero day vulnerability. (Image: ScienceLogic)

Hosted services company Rackspace confirmed that criminals exploited a zero day vulnerability in a third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline.

See Also: Live Webinar | Navigating Emerging Threats: Strengthening Incident Response Capabilities

The bug, discovered within ScienceLogic's EM7 Portal, allowed attackers to gain access to three internal monitoring web servers and some limited customer information.

The incident began on September 24 at 11:40 CDT, when Rackspace became aware of the issue with the ScienceLogic EM7 Portal.

According to The Register, which first reported the incident, the vulnerability allowed unauthorized access to monitoring data.

Rackspace said that the event did not impact customer performance or the monitoring services. The only disruption was the inability to view monitoring graphs through the MyRack portal. The company did not respond to a request for comment.

"Customer performance monitoring was not impacted by this event. The only impact on customers was the inability to access their associated monitoring dashboard. There was no other customer service disruption as a result of this event," the cloud-hosting provider said in a statement.

The Register said Rackspace uses ScienceLogic's software on its internal web servers. Attackers exploited a vulnerability in a program bundled with ScienceLogic's SL1 package, which enabled access to sensitive customer monitoring data before the intrusion was stopped.

The vulnerability has since been patched, and Rackspace is working to restore full functionality.

Rackspace announced that it is testing an update to reinstate the customer dashboards, although they are expected to remain offline until the end of the week.

ScienceLogic, the vendor behind the affected software, acknowledged the issue and confirmed it issued a patch for the zero-day remote code execution vulnerability.

"Upon identification, we swiftly developed a patch to remediate the incident and have made it available to all customers. We will continue to update customers as appropriate," a ScienceLogic spokesperson told Information Security Media Group.

Texas-based Rackspace serves over 300,000 customers globally, including two-thirds of the world's 100 largest publicly traded companies.

The company in late 2022 said a ransomware attack caused outages to its hosted Exchange environment. The provider experienced a disruption in its Microsoft email service servers (see: Rackspace Confirms Exchange Outage Caused by Ransomware). The attack cost the cloud computing giant around $10.8 million.


About the Author

Prajeet Nair

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.