This article provides details about a security vulnerability affecting the Code42 agent installed on user devices.
To protect the security of our customers, we don't publish a security advisory until a vulnerability has been fully investigated and a patch or update is available that resolves the issue.
If you have questions or concerns, contact our Technical Support Engineers.
A vulnerability has been identified that could allow an attacker to change a device's proxy configuration to use a malicious proxy auto-config (PAC) file.
Affected product and versions
- Legacy agent version 8.7.1 and earlier
- Incydr Professional, Enterprise, Horizon, and Gov F2 are not affected
This vulnerability is fixed in Code42 agent version 8.8.0 and later.
- Code42 cloud environments automatically upgraded to Code42 agent 8.8 in November and December, 2021.
- On-premises Code42 environments must follow these steps to lock proxy settings to resolve this vulnerability.
|Date published||January 18, 2022|
|Number of vulnerabilities||1|
|Vulnerability type||Other – Code execution|
Vector string: 3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|Attack vectors||An attacker could escalate privilege and execute arbitrary code on a device.|
|Affected component||Code42 agent|
|Description of the vulnerability||
If the device proxy settings were not locked in the Code42 console, a non-administrative attacker could change the Code42 agent proxy configuration to use a malicious proxy auto-config (PAC) file. The malicious PAC file could then potentially execute arbitrary code at an elevated privilege on a device.
|Acknowledgements||Thank you to Bartłomiej Górkiewicz for discovering and reporting this vulnerability.|