NHS urges orgs to apply security update for Okta Client RCE bug

The UK’s NHS Digital agency is warning organizations to apply new security updates for a remote code execution vulnerability in the Windows client for the Okta Advanced Server Access authentication management platform.

“NHS Digital is the national digital, data and technology delivery partner for the NHS and social care system,” explains the website for NHS Digital.

In an NHS Digital Cyber Alert released yesterday, all organizations are advised to apply the latest patches for the Okta Advanced Server Client to fix an RCE vulnerability disclosed last week.

Okta Advanced Server Access is a popular identity and authentication management platform that provides secure single sign-on (SSO) to servers, applications, and cloud services, such as Amazon AWS.

This product is widely used by over 14,000 organizations worldwide, including JetBlue, Nordstrom, Siemens, Slack, Takeda, Teach for America, and Twilio.

Patch for RCE vulnerability

Last week, Okta disclosed a new remote code execution vulnerability tracked as CVE-2022-24295, allowing remote attackers to perform command injection via a specially crafted URL.

Remote code execution attacks can lead to complete system control, perform silent data exfiltration, lateral network movement, and initial access to corporate networks.

At this time, and due to the potentially severe consequences of the flaw’s exploitation, no technical details have been disclosed to the public.

The vulnerability affects all versions of the Advanced Server Access Client before 1.57.0, which is the version that addresses the problem and hence the upgrade target for all admins.

Okta released Advanced Server Access Client version 1.57.0 last week, but the application of available security updates needs to pick up pace as threat actors are likely to start scanning the web to find vulnerable deployments.

The vendor hasn’t provided any mitigations or workarounds, so the remediation advice is limited to updating to the latest client available from Okta.

The NHS Digital advisory also reminds system administrators that several of Okta’s products were impacted by the Log4Shell exploit that hackers heavily leveraged during the past couple of months.

Okta’s response to CVE-2021-44228, CVE-2021-45105, and CVE-2021-45046, came gradually, as addressing the security issue on a large number of products inevitably took a while.