CVE-2024-36072
Published: 27 June 2024
Summary
CVE-2024-36072 is a critical-severity Logging of Excessive Data (CWE-779) vulnerability in Netwrix CoSoSys Endpoint (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 9.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Netwrix CoSoSys Endpoint Protector through version 5.9.3 and CoSoSys Unify through version 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application. The flaw, tracked as CVE-2024-36072 with a CVSS 3.1 score of 9.8, is categorized under CWE-779 and permits unauthenticated remote attackers to submit crafted requests that result in arbitrary system command execution.
An unauthenticated remote attacker can send a malicious request directly to the affected server application and obtain root-level command execution on the underlying host. No authentication, user interaction, or special network positioning is required for successful exploitation.
Reference advisories from Netwrix are published at https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html. The associated EPSS score has remained low, with a current value of 0.0593 and a peak of 0.0608.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-35871
Vulnerability details
Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious request, resulting in the ability to execute system commands with root privileges.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Audit record reduction explicitly manages excessive log volumes for review and reporting while preserving original content and ordering, reducing the impact of logging excessive data.