CVE-2024-36075

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-36075
The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the server could obtain remote code execution as an administrator on an endpoint.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html
Configurations

No configuration.

History

09 Jul 2024, 20:15

Type Values Removed Values Added
Summary (en) Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the application configuration component of the Endpoint Protector and Unify agent which allows a remote, unauthenticated attacker to manipulate the configuration of either their own or another client endpoint resulting in the bypass of certain configuration options. Manipulation of the application configuration can result in local policy bypass and in some scenarios remote code execution. (en) The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the server could obtain remote code execution as an administrator on an endpoint.

03 Jul 2024, 02:02

Type Values Removed Values Added
CWE CWE-94
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.5
Summary
  • (es) Netwrix CoSoSys Endpoint Protector hasta 5.9.3 y CoSoSys Unify hasta 7.0.6 contienen una vulnerabilidad de ejecución remota de código en el componente de configuración de la aplicación de Endpoint Protector y el agente Unify que permite a un atacante remoto no autenticado manipular la configuración propia o de otro endpoint del cliente, lo que da como resultado la omisión de ciertas opciones de configuración. La manipulación de la configuración de la aplicación puede dar como resultado la omisión de la política local y, en algunos escenarios, la ejecución remota de código.

27 Jun 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-27 21:15

Updated : 2024-07-09 20:15

NVD link : CVE-2024-36075

Mitre link : CVE-2024-36075

CVE.ORG link : CVE-2024-36075

JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')