nvd-json-data-feeds/CVE-2024/CVE-2024-360xx/CVE-2024-36075.json

{
  "id": "CVE-2024-36075",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-06-27T21:15:15.610",
  "lastModified": "2024-07-03T02:02:45.453",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the application configuration component of the Endpoint Protector and Unify agent which allows a remote, unauthenticated attacker to manipulate the configuration of either their own or another client endpoint resulting in the bypass of certain configuration options. Manipulation of the application configuration can result in local policy bypass and in some scenarios remote code execution."
    },
    {
      "lang": "es",
      "value": "Netwrix CoSoSys Endpoint Protector hasta 5.9.3 y CoSoSys Unify hasta 7.0.6 contienen una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el componente de configuraci\u00f3n de la aplicaci\u00f3n de Endpoint Protector y el agente Unify que permite a un atacante remoto no autenticado manipular la configuraci\u00f3n propia o de otro endpoint del cliente, lo que da como resultado la omisi\u00f3n de ciertas opciones de configuraci\u00f3n. La manipulaci\u00f3n de la configuraci\u00f3n de la aplicaci\u00f3n puede dar como resultado la omisi\u00f3n de la pol\u00edtica local y, en algunos escenarios, la ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html",
      "source": "cve@mitre.org"
    }
  ]
}
Auto-Update: 2024-06-27T22:00:18.274045+00:00 2024-06-27 22:03:10 +00:00			`{`
			`"id": "CVE-2024-36075",`
			`"sourceIdentifier": "cve@mitre.org",`
			`"published": "2024-06-27T21:15:15.610",`
Auto-Update: 2024-07-03T04:01:59.096372+00:00 2024-07-03 04:04:51 +00:00			`"lastModified": "2024-07-03T02:02:45.453",`
Auto-Update: 2024-06-28T16:01:07.532461+00:00 2024-06-28 16:04:01 +00:00			`"vulnStatus": "Awaiting Analysis",`
			`"cveTags": [],`
Auto-Update: 2024-06-27T22:00:18.274045+00:00 2024-06-27 22:03:10 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			"value": "Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the application configuration component of the Endpoint Protector and Unify agent which allows a remote, unauthenticated attacker to manipulate the configuration of either their own or another client endpoint resulting in the bypass of certain configuration options. Manipulation of the application configuration can result in local policy bypass and in some scenarios remote code execution."
Auto-Update: 2024-07-03T04:01:59.096372+00:00 2024-07-03 04:04:51 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Netwrix CoSoSys Endpoint Protector hasta 5.9.3 y CoSoSys Unify hasta 7.0.6 contienen una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el componente de configuraci\u00f3n de la aplicaci\u00f3n de Endpoint Protector y el agente Unify que permite a un atacante remoto no autenticado manipular la configuraci\u00f3n propia o de otro endpoint del cliente, lo que da como resultado la omisi\u00f3n de ciertas opciones de configuraci\u00f3n. La manipulaci\u00f3n de la configuraci\u00f3n de la aplicaci\u00f3n puede dar como resultado la omisi\u00f3n de la pol\u00edtica local y, en algunos escenarios, la ejecuci\u00f3n remota de c\u00f3digo."
			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 6.5,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 2.8,`
			`"impactScore": 3.6`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-94"`
			`}`
			`]`
Auto-Update: 2024-06-27T22:00:18.274045+00:00 2024-06-27 22:03:10 +00:00			`}`
			`],`
			`"references": [`
			`{`
			`"url": "https://helpcenter.netwrix.com/bundle/z-kb-articles-salesforce/page/kA0Qk0000001E5lKAE.html",`
			`"source": "cve@mitre.org"`
			`}`
			`]`
			`}`