Delaware, USA – January 23, 2018 – 14 serious vulnerabilities were discovered in Gemalto’s SafeNet Sentinel solution, some of which could lead to remote code execution or denial of service. Gemalto has already released patches that fix detected vulnerabilities but did not notify users of the severity of existing threats, so not all solutions have been updated to the current versions. SafeNet Sentinel is a popular license control solution, and other software vendors often use it in own products. Uncovered vulnerabilities can affect millions of users, so researchers from Kaspersky Lab pay attention to the current situation and recommend updating the solution driver to version 7.60 or higher. Also, researchers reported strange functions of the hasplms.exe service, which automatically opens port 1947 on firewalls, making the system vulnerable to remote attacks.
Security commands need to close this port on external firewalls, if possible, to prevent potential attacks. SafeNet Sentinel service operates with system user privilege and adversaries can abuse it to gain a foothold in organization’s network. You can leverage SIEM to monitor traffic inside the organization’s network and events tied to port 1947. Netflow Security Monitor use case will help you detect traffic spikes that may indicate cyberattacks or data leaks.