
CVE-2024-36072
https://notcve.org/view.php?id=CVE-2024-36072
27 Jun 2024 — Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-779: Logging of Excessive Data

CVE-2024-36073
https://notcve.org/view.php?id=CVE-2024-36073
27 Jun 2024 — Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows an attacker with administrative access to the Endpoint Protector or Unify server to overwrite sensitive configuration and subsequently execute system commands with SYSTEM/root privileges on a chosen client endpoint. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-36075
https://notcve.org/view.php?id=CVE-2024-36075
27 Jun 2024 — The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the server could obtain remote code execution as an administrator on an endpoint. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-36074
https://notcve.org/view.php?id=CVE-2024-36074
27 Jun 2024 — Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint Protector or Unify server can cause a client to acquire and execute a malicious file resulting in remote code execution. • https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2023-41264
https://notcve.org/view.php?id=CVE-2023-41264
28 Nov 2023 — Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and restSettings.AuthorizedSecret fields (for the POST /api/Deployment/ExportConfiguration and POST /api/Deployment endpoints). • https://www.netwrix.com/identity_governance_and_administration_solution.html • CWE-287: Improper Authentication

CVE-2022-31199 – Netwrix Auditor Insecure Object Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2022-31199
08 Nov 2022 — Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacker to execute arbitrary code as the NT AUTHORITY\SYSTEM user on affected systems, including on systems Netwrix Auditor monitors. • https://bishopfox.com/blog/netwrix-auditor-advisory • CWE-502: Deserialization of Untrusted Data

CVE-2020-15931
https://notcve.org/view.php?id=CVE-2020-15931
20 Oct 2020 — Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller. • https://github.com/optiv/CVE-2020-15931 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2019-14969
https://notcve.org/view.php?id=CVE-2019-14969
12 Aug 2019 — Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, granting Authenticated Users full access over the target file). This vulnerability can be triggered by a low-privileged user to perform DLL Hijacking/Binary Plantin... • https://github.com/active-labs/Advisories/blob/master/2019/ACTIVE-2019-010.md • CWE-732: Incorrect Permission Assignment for Critical Resource