Third Party Zero-Day Bug Exploited in Rackspace Systems
Rackspace Scrambles to Patch Zero-Day Dashboard Bug

Hosted services company Rackspace confirmed that criminals exploited a zero-day vulnerability in a third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline.
The bug, discovered within ScienceLogic's EM7 Portal, allowed attackers to gain access to three internal monitoring web servers and some limited customer information.
The incident began on September 24 at 11:40 CDT, when Rackspace became aware of the issue with the ScienceLogic EM7 Portal.
According to The Register, which first reported the incident, the vulnerability allowed unauthorized access to monitoring data.
Rackspace said that the event did not impact customer performance or the monitoring services. The only disruption was the inability to view monitoring graphs through the MyRack portal. The company did not respond to a request for comment.
"Customer performance monitoring was not impacted by this event. The only impact on customers was the inability to access their associated monitoring dashboard. There was no other customer service disruption as a result of this event," the cloud-hosting provider said in a statement.
The Register said Rackspace uses ScienceLogic's software on its internal web servers. Attackers exploited a vulnerability in a program bundled with ScienceLogic's SL1 package, which enabled access to sensitive customer monitoring data before the intrusion was stopped.
The vulnerability has since been patched, and Rackspace is working to restore full functionality.
Rackspace announced that it is testing an update to reinstate the customer dashboards, although they are expected to remain offline until the end of the week.
ScienceLogic, the vendor behind the affected software, acknowledged the issue and confirmed it issued a patch for the zero-day remote code execution vulnerability.
"Upon identification, we swiftly developed a patch to remediate the incident and have made it available to all customers. We will continue to update customers as appropriate," a ScienceLogic spokesperson told Information Security Media Group.
Texas-based Rackspace serves over 300,000 customers globally, including two-thirds of the world's 100 largest publicly traded companies.
The company in late 2022 said a ransomware attack caused outages to its hosted Exchange environment. The provider experienced a disruption in its Microsoft email service servers (see: Rackspace Confirms Exchange Outage Caused by Ransomware). The attack cost the cloud computing giant around $10.8 million.