Endpoint management and monitoring solutions are used to monitor and administer servers and clients in most corporate networks. While enabling automation and centralized management, they also significantly add to the network's attack surface. Most solutions deploy high-privileged agent services to all systems in the network, and these agents are centrally controlled via custom communication protocols. A security vulnerability in the central component, the agent services, or the communication channels can have a major impact on network integrity, affecting the entire company.
In this paper we analysed some well-known endpoint management & monitoring solutions for vulnerabilities. Our research shows that all of the analysed solutions contained vulnerabilities, often with a critical impact that allowed arbitrary code execution on certain components of the solution.