CVE-2024-36074

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint Protector or Unify server can cause a client to acquire and execute a malicious file resulting in remote code execution.
Configurations

No configuration.

History

21 Nov 2024, 09:21

Type Values Removed Values Added
References () https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html - () https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html -

12 Jul 2024, 16:11

Type Values Removed Values Added
Summary
  • (es) Netwrix CoSoSys Endpoint Protector hasta 5.9.3 y CoSoSys Unify hasta 7.0.6 contienen una vulnerabilidad de ejecución remota de código en Endpoint Protector y el agente Unify en la forma en que la dependencia EasyLock se adquiere del servidor. Un atacante con acceso administrativo al servidor Endpoint Protector o Unify puede hacer que un cliente adquiera y ejecute un archivo malicioso, lo que resultará en la ejecución remota de código.
CWE CWE-94
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2

27 Jun 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-27 21:15

Updated : 2024-11-21 09:21


NVD link : CVE-2024-36074

Mitre link : CVE-2024-36074

CVE.ORG link : CVE-2024-36074


JSON object : View

Products Affected

No product.

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')