CVE-2024-36073

Name of the Vulnerable Software and Affected Versions Netwrix CoSoSys Endpoint Protector versions 5.9.3 and earlier CoSoSys Unify versions 7.0.6 and earlier

Description The issue allows an attacker with administrative access to the server to overwrite sensitive configuration and subsequently execute system commands with SYSTEM/root privileges on a chosen client endpoint. This is due to a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent.

Recommendations For Netwrix CoSoSys Endpoint Protector versions 5.9.3 and earlier, update to a version later than 5.9.3 to resolve the issue. For CoSoSys Unify versions 7.0.6 and earlier, update to a version later than 7.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the shadowing component of the Endpoint Protector and Unify agent to minimize the risk of exploitation.