Remote Code Execution Vulnerability in Endpoint Protector and Unify Agent
CVE-2024-36075

6.5MEDIUM

Key Information:

Vendor: Netwrix
Vendor: CVE Published:; 27 June 2024

What is CVE-2024-36075?

The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the server could obtain remote code execution as an administrator on an endpoint.

References

https://helpcenter.netwrix.com/bundle/z-kb-articles-sales...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2024

CVE-2024-36075 Data

JSON

Netwrix

What is CVE-2024-36075?

References

CVSS V3.1

Timeline