Security Updates

Insufficient Access Control Vulnerability fixed in ADAudit Plus build 7270

Vulnerability details
Severity: Medium
CVE ID: CVE-2024-36036
Affected software versions: All ADAudit Plus builds below 7270
Fixed version: Build 7270
Fixed on: December 29, 2023

Details

A vulnerability caused by insufficient access control enforcement on ADAudit Plus' agent configuration data, which is managed in the registry, has been fixed.

Impact

This vulnerability could allow a malicious insider to send a crafted, authenticated RPC request and modify the affected machine's agent configuration.

Steps to upgrade

Update your ADAudit Plus instance to the latest build — 7270 — using the service pack.

Acknowledgements

This issue was reported by Andreas from Shelltrail.

Please contact support@adauditplus.com for more details.
