Privilege Escalation Vulnerability

This document describes the privilege escalation vulnerability in the Endpoint Central agent and how to fix it.

Severity: High
Attack Vector: Local
Fixed build:
For versions 11.3.2416.18 or below, upgrade to version 11.3.2416.20
For versions 11.3.2428.02 or below, upgrade to version 11.3.2428.04
Fix release date: 30-Aug-2024
Reported by: Krzysztof via ZohoCorp Bug bounty program

What was the problem?

A standard user can replace DLLs in a folder outside the agent directory by tampering with the DLL's code signature, and can then gain admin privileges through the replaced DLL.

Note: This issue is not applicable to Cloud versions.

How to fix it?

Because of this vulnerability's severity, upgrading to the latest version is strongly advised. To upgrade, follow the steps below:

  1. Log in to the Endpoint Central console, and click on your current build number in the top-right corner.
  2. You'll be able to find the latest build applicable to you. Download the PPM and update.

For any further questions or concerns about this, please write to our support team.