CVE-2024-36072 (CVSS 10): Unauthenticated RCE Flaw in CoSoSys Endpoint Protector
CoSoSys, a leading data loss prevention (DLP) solutions provider, has urgently released patches to address four severe vulnerabilities in its Endpoint Protector and Unify products. The vulnerabilities, discovered by Sangjun Song and Junwoo Byun of the third-party security research team Theori, could allow attackers to gain unauthorized access, execute malicious code, and bypass crucial security measures.
The vulnerabilities, tracked as CVE-2024-36072, CVE-2024-36073, CVE-2024-36074, and CVE-2024-36075, affect both the server and agent components of Endpoint Protector and Unify. These flaws range from remote code execution with root privileges to bypassing data loss prevention policies, posing significant risks to sensitive data and critical systems.
- CVE-2024-36072 (CVSSv4 10): An unauthenticated attacker could exploit a flaw in the logging component to execute system commands with root privileges.
- CVE-2024-36073 (CVSSv4 8.5): An attacker with administrative access to the server could overwrite sensitive configuration and execute system commands on client endpoints.
- CVE-2024-36074 (CVSSv4 7.3): An attacker with server access could cause clients to execute malicious files.
- CVE-2024-36075 (CVSSv4 7.2): An unauthenticated attacker could manipulate client configurations, potentially bypassing security policies and even achieving remote code execution in certain scenarios.
All versions of CoSoSys Endpoint Protector up to and including 5.9.3.0, as well as CoSoSys Unify up to and including 7.0.6, are vulnerable.
CoSoSys has issued patches for the affected versions and urges all customers to apply them immediately to safeguard their environments. Users and administrators are strongly advised to update their systems to the latest versions.