tags:macoswindowsenterprise_apppath_traversal original link: A Deep Dive into the CoSoSys EndPoint Protector Exploit: Remote Code Execution
newsletter link: exploits.club Weekly Newsletter 37 - Juicy Overflows, The Art Of Exploitation, Rust in Firmware, and More


Exploits Club Summary:

Theori detailed 4 vulnerabilities in the CoSoSys EndPoint Protector which they found during a recent engagement…ironically**, it did not serve as much of a “data loss prevention” tool in this case**. The vulnerabilities allowed for a complete takeover of both the clients and the server. Leveraging a path traversal on the server, the team could upload a webshell. They then documented 3 ways this newfound access could be abused to take over all the connected clients.