The vulnerability exists within the GetCookie() endpoint due to unsafe deserialization of AuthorizationCookie objects. The application insecurely decrypts cookie data using AES-128-CBC and subsequently deserializes it via BinaryFormatter without sufficient type validation. The deployed agent will run with SYSTEM privileges.

This exploit performs the following steps:

1. Retrieves the ServerID via a SOAP request to the ReportingWebService.
2. Obtains an authorization cookie.
3. Obtains a reporting cookie.
4. Constructs and sends a malicious event payload.
5. Checks the server's response to confirm success.
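
The deserialization flaw described above, shown from the defender's side as an added example (not the product's code and not part of the original entry): the unsafe pattern next to two hardened readers. CookieData, its fields, CookieOnlyBinder, CookieReader and the 1024-byte limit are hypothetical names and values chosen for illustration.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Runtime.Serialization.Formatters.Binary;

// Hypothetical stand-in for the AuthorizationCookie type; the fields are assumptions.
[Serializable]
public sealed class CookieData { public string Subject; public long ExpiresTicks; }

// Allow-list binder: any type other than CookieData aborts deserialization.
public sealed class CookieOnlyBinder : SerializationBinder
{
    public override Type BindToType(string assemblyName, string typeName)
    {
        if (typeName == typeof(CookieData).FullName &&
            assemblyName == typeof(CookieData).Assembly.FullName)
            return typeof(CookieData);
        throw new SerializationException("Unexpected type in cookie: " + typeName);
    }
}

public static class CookieReader
{
    // The pattern the entry describes: decrypted bytes go straight into
    // BinaryFormatter, so the stream decides which types get constructed.
    public static object ReadUnsafe(byte[] decrypted)
    {
        using (var ms = new MemoryStream(decrypted))
            return new BinaryFormatter().Deserialize(ms);
    }

    // Stopgap: restrict the formatter to the one expected type. Microsoft's
    // guidance is that a binder alone does not make BinaryFormatter safe.
    public static CookieData ReadWithBinder(byte[] decrypted)
    {
        var formatter = new BinaryFormatter { Binder = new CookieOnlyBinder() };
        using (var ms = new MemoryStream(decrypted))
            return (CookieData)formatter.Deserialize(ms);
    }

    // Preferred: a fixed, data-only layout with no type names in the stream.
    public static CookieData ReadDataOnly(byte[] decrypted)
    {
        if (decrypted == null || decrypted.Length > 1024) // constructed size limit
            throw new InvalidDataException("Cookie size out of range");
        using (var r = new BinaryReader(new MemoryStream(decrypted)))
            return new CookieData { Subject = r.ReadString(), ExpiresTicks = r.ReadInt64() };
    }
}
```

ReadDataOnly requires the cookie to be issued in the same fixed layout; it is not compatible with cookies already serialized by BinaryFormatter.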
CVE Link
Exploit Platform
Exploit Type
Product Name