MIM Software RMI Interface Arbitrary Code Execution Vulnerability in Admin Service
Vulnerability
A high-severity vulnerability has been identified in the MIM Admin service that allows arbitrary code execution with the service's privileges. The flaw lies in the service's RMI interface, which is reachable only from the local system. To exploit it, an attacker must already have compromised the network and the system running the MIM Admin service, must know MIM's implementation, and must be able to extend the RMI library. Users of MIM Software products that are exposed via RDP or multi-user application virtualization should note that the exposed system is the one hosting the virtualized MIM client.
Impact
Exploitation of this vulnerability could lead to unauthorized arbitrary code execution on the local machine, executed with the privileges of the MIM Admin service.
Remediation
Users should update to MIM Admin service version 7.2.13, 7.3.8, or 7.4.3. Customers who cannot upgrade and hold a Fixed License can contact MIM support to switch to a Local or Concurrent license and then block all connections to port 5981 on MIM client systems. Customers without a Fixed License can block connections to port 5981 with a firewall or network control system.
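To confirm that the port-blocking workaround above is actually in effect, the following added check (not MIM Software's own code) probes port 5981 on each listed MIM client system from the auditing host and reports any host that still accepts a TCP connection; the host list is a constructed placeholder.

```python
import socket
from typing import Dict, Iterable, List

# Port named in the advisory's remediation for the MIM Admin service RMI interface
MIM_ADMIN_PORT = 5981


def probe_port(host: str, port: int = MIM_ADMIN_PORT, timeout: float = 2.0) -> str:
    """Attempt one TCP connect and classify the outcome.

    'open'     - the port accepted the connection: the block is NOT in effect
                 from this vantage point.
    'refused'  - the host actively rejected the connection (nothing listening,
                 or a reject rule).
    'filtered' - the attempt timed out or had no route, as a drop rule produces.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # Must be caught before OSError, of which it is a subclass.
        return "refused"
    except (socket.timeout, OSError):
        return "filtered"


def audit_hosts(hosts: Iterable[str], port: int = MIM_ADMIN_PORT) -> Dict[str, str]:
    """Probe every host and return a host -> state map."""
    return {host: probe_port(host, port) for host in hosts}


def unremediated(results: Dict[str, str]) -> List[str]:
    """Hosts on which port 5981 still accepts connections, sorted for stable output."""
    return sorted(host for host, state in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed placeholder list; replace with the real MIM client systems.
    sample_hosts = ["127.0.0.1"]
    results = audit_hosts(sample_hosts)
    for host, state in results.items():
        print(f"{host}:{MIM_ADMIN_PORT} -> {state}")
    print("still accepting connections on 5981:", unremediated(results))
```

Run the script from a host that should not be able to reach the clients; an 'open' result means the firewall or network control rule has not been applied to that system.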