PT-2024-26883 · Cososys+1 · Cososys Unify+1
Published
2024-06-27
·
Updated
2024-07-12
·
CVE-2024-36074
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Netwrix CoSoSys Endpoint Protector versions 5.9.3 and earlier
CoSoSys Unify versions 7.0.6 and earlier
Description
The issue concerns a remote code execution vulnerability in the Endpoint Protector and Unify agent. This vulnerability arises from the way the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint Protector or Unify server can exploit this vulnerability, causing a client to acquire and execute a malicious file, which results in remote code execution.
Recommendations
For Netwrix CoSoSys Endpoint Protector versions 5.9.3 and earlier, update to a version later than 5.9.3 to resolve the issue.
For CoSoSys Unify versions 7.0.6 and earlier, update to a version later than 7.0.6 to resolve the issue.
As a temporary workaround, consider restricting administrative access to the Endpoint Protector or Unify server to minimize the risk of exploitation.
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cososys Unify
Netwrix Cososys Endpoint Protector