RTI Connext Professional XML External Entity Vulnerability Allowing Unauthorized File Read

Vulnerability

A vulnerability exists in RTI Connext Professional's Cloud Discovery Service, Collector Service, Queuing Service, Recording Service, and Routing Service. It stems from improper handling of XML external entity references, which can lead to unauthorized reads of the local file system and to a denial-of-service condition if the application crashes. The issue is triggered when these services parse a malicious XML configuration document, so it can be exploited by supplying harmful XML that is read during the application's startup.

Impact

Exploitation of this vulnerability allows unauthorized reading of local files and can crash the application, disrupting service availability.

Reproduction

To reproduce this vulnerability, upload a malicious XML file containing harmful external entity references to the application's configuration directory. Then start the application service, which parses the XML file and resolves the embedded external entity references.

Remediation

Users can protect access to the file system by restricting permissions on the XML QoS documents the services load. Additionally, a patch is available for RTI Connext Professional version 7.3.1.2 on the RTI Customer Portal. For other versions, contact RTI Support to arrange a patch.
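As a defender-side complement to the permission restriction above, the following added example (not RTI's code; RTI's XML parser internals are not described on this page) audits an XML configuration document for DOCTYPE and entity declarations before it is handed to a real parser, without ever fetching an external resource. The QoS-style sample documents and the file:///constructed/ URI are constructed for illustration.

```python
import xml.parsers.expat

# Constructed samples: a benign QoS-style document and one carrying an
# external general entity that a vulnerable parser would resolve.
BENIGN_QOS = b'<?xml version="1.0"?><dds><qos_library name="lib"><qos_profile name="p"/></qos_library></dds>'
XXE_QOS = (b'<?xml version="1.0"?><!DOCTYPE dds [<!ENTITY ext SYSTEM "file:///constructed/example.txt">]>'
           b'<dds><qos_library><comment>&ext;</comment></qos_library></dds>')


def audit_xml_config(data: bytes) -> list:
    """Return findings for every DTD/entity construct seen in `data`.

    Parameter-entity parsing stays at expat's default (NEVER), so an external
    DTD subset is recorded but never downloaded, and the external-entity
    handler only records the reference instead of opening its target.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE {name}")
        if system_id or public_id:
            findings.append(f"external DTD subset: {system_id or public_id}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        kind = "parameter" if is_param else "general"
        if system_id is not None or public_id is not None:
            findings.append(f"external {kind} entity {name!r} -> {system_id or public_id}")
        else:
            findings.append(f"internal {kind} entity {name!r}")

    def on_external_ref(context, base, system_id, public_id):
        findings.append(f"external entity referenced: {system_id or public_id}")
        return 1  # tell expat the reference was handled; nothing is read

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    parser.Parse(data, True)
    return findings


def is_safe_config(data: bytes) -> bool:
    """A configuration document is accepted only if it declares no DTD or entities."""
    return not audit_xml_config(data)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_QOS), ("xxe", XXE_QOS)):
        print(label, "accepted" if is_safe_config(doc) else "rejected", audit_xml_config(doc))
```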

Added: Apr 1, 2026, 2:20 AM
Updated: Apr 1, 2026, 2:20 AM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 5.0
exploitability: 6.6
remediation: 8.3
relevance: 5.1
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.