Ascertia SigningHub Arbitrary File Upload Vulnerability Allowing Code Execution

Vulnerability

A vulnerability allowing arbitrary file upload has been identified in Ascertia SigningHub version 8.6.8 and prior. This issue enables attackers to execute arbitrary code by uploading a specially crafted PDF file. The vulnerability arises from the application's failure to properly scan uploaded files before they are processed and sent to recipients for digital signature. Exploitation could involve uploading a file with a malicious script or phishing URL, which is then converted to PDF and forwarded to the target user. The generated PDF would display the attacker-controlled hyperlink text without any warning, potentially leading the recipient to click the link and execute malicious commands.

Impact

Exploitation of this vulnerability could result in unauthorized code execution on the recipient's system, facilitated by social engineering to mislead users into clicking malicious links.

Reproduction

To reproduce this vulnerability, upload an Excel file containing a malicious script or a phishing URL through the application's file upload feature. Once the file is uploaded, the application will convert it to a PDF and send it to the intended recipient for digital signature. The recipient will see the hyperlink with attacker-controlled text, without any warning, allowing for deception and execution of malicious commands.

Remediation

Users are advised to update to versions of SigningHub released after 8.6.8. Additionally, implementing a file scanning process for uploaded documents before they are sent to recipients could help mitigate this vulnerability.
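One way to implement the pre-delivery scan suggested above for Excel uploads, as an added example that is not Ascertia's code or part of the original advisory: it lists every external hyperlink in an .xlsx package and reports those whose scheme is outside an assumed allow-list or whose visible text names a different host than the real target. The function names, the allow-list and the sample workbook are assumptions constructed for illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET  # for untrusted uploads prefer defusedxml and cap part sizes
from urllib.parse import urlparse

M = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
R = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}"
P = "{http://schemas.openxmlformats.org/package/2006/relationships}"
ALLOWED_SCHEMES = {"http", "https"}  # assumed policy, not taken from the advisory
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def cell_text(c, shared):  # t="s" cells hold an index into sharedStrings.xml
    v = c.findtext(M + "v", "")
    is_ref = c.get("t") == "s" and v.isdecimal() and int(v) < len(shared)
    return shared[int(v)] if is_ref else "".join(c.itertext()).strip()

def scan_xlsx_links(data):
    """Yield (cell, target, reason) for each external hyperlink to hold for review."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        sst = z.read("xl/sharedStrings.xml") if "xl/sharedStrings.xml" in names else b"<sst/>"
        shared = ["".join(si.itertext()) for si in ET.fromstring(sst).iter(M + "si")]
        for sheet in sorted(n for n in names if re.fullmatch(r"xl/worksheets/[^/]+\.xml", n)):
            rels = sheet.replace("worksheets/", "worksheets/_rels/") + ".rels"
            rel_xml = ET.fromstring(z.read(rels) if rels in names else b"<none/>")
            ext = {r.get("Id"): r.get("Target", "") for r in rel_xml.iter(P + "Relationship")
                   if r.get("TargetMode") == "External"}
            root = ET.fromstring(z.read(sheet))
            text = {c.get("r"): cell_text(c, shared) for c in root.iter(M + "c")}
            for link in (l for l in root.iter(M + "hyperlink") if l.get(R + "id") in ext):
                target, cell = ext[link.get(R + "id")], link.get("ref")
                url, shown = urlparse(target), HOST_RE.search(text.get(cell, ""))
                if url.scheme.lower() not in ALLOWED_SCHEMES:
                    yield cell, target, "scheme not allowed"
                elif shown and shown.group(1).lower() != (url.hostname or "").lower():
                    yield cell, target, "visible text names a different host"

def build_sample():  # constructed minimal package: only the two parts the scanner reads
    rows = [("A1", "https://portal.example.com/sign", "https://portal.example.com/sign"),
            ("A2", "www.bank.example", "https://login.attacker.example/"),
            ("A3", "Open invoice", "file://fs.example/share/invoice")]
    cells = "".join(f'<c r="{r}" t="inlineStr"><is><t>{t}</t></is></c>' for r, t, _ in rows)
    links = "".join(f'<hyperlink ref="{r}" r:id="id{r}"/>' for r, _, _ in rows)
    rels = "".join(f'<Relationship Id="id{r}" TargetMode="External" Target="{u}"/>' for r, _, u in rows)
    sheet = f'<worksheet xmlns="{M[1:-1]}" xmlns:r="{R[1:-1]}"><sheetData><row>{cells}</row></sheetData><hyperlinks>{links}</hyperlinks></worksheet>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/worksheets/sheet1.xml", sheet)
        z.writestr("xl/worksheets/_rels/sheet1.xml.rels", f'<Relationships xmlns="{P[1:-1]}">{rels}</Relationships>')
    return buf.getvalue()
```

Links created with the HYPERLINK() formula and links in other upload formats are outside what this check reads.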

Added: Oct 17, 2025, 7:20 PM
Updated: Oct 17, 2025, 7:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 5.6
remediation: 0.0
relevance: 0.7
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.