CVE-2024-36075

Name of the Vulnerable Software and Affected Versions CoSoSys Endpoint Protector versions 5.9.3 and earlier Unify agent versions 7.0.6 and earlier

Description The issue is related to the extraction of an archive obtained from the server on the endpoint, which can lead to arbitrary code execution. An attacker who can modify the archive on the server could potentially obtain remote code execution as an administrator on an endpoint.

Recommendations For CoSoSys Endpoint Protector versions 5.9.3 and earlier, update to a version later than 5.9.3 to resolve the issue. For Unify agent versions 7.0.6 and earlier, update to a version later than 7.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the archive extraction functionality until a patch is available.