A critical remote code execution vulnerability has been identified in multiple Lanscope Endpoint Manager products. This flaw allows a remote attacker to execute arbitrary code on managed endpoints by sending a specially crafted request, potentially leading to a complete system compromise, data theft, or ransomware deployment. Due to the high severity (CVSS 9.8), immediate patching is required to mitigate the significant risk to the organization.

The client program (MR) and detection agent (DA) components of Lanscope Endpoint Manager (On-Premises) fail to properly validate the origin of incoming network requests. An unauthenticated, remote attacker can exploit this by sending a specially crafted request to a vulnerable endpoint. The agent will process this malicious request as if it were a legitimate command, resulting in arbitrary code execution with the privileges of the agent service, which are typically elevated.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation would grant an attacker complete control over any endpoint running the vulnerable agent. This could lead to severe business disruptions, including the deployment of ransomware, exfiltration of sensitive corporate data, lateral movement across the network to compromise other critical assets, and a total loss of system integrity and availability. The impact is enterprise-wide, as endpoint management agents are typically deployed on all workstations and servers.

Immediate Action: The primary and most effective remediation is to update all instances of Lanscope Endpoint Manager Client program (MR) and Detection agent (DA) to the latest patched version provided by the vendor. After patching, review access logs and system logs on managed endpoints for any signs of compromise that may have occurred prior to the update.

Proactive Monitoring: Security teams should actively monitor for indicators of compromise. This includes looking for unusual network traffic patterns to and from endpoints on the ports used by the Lanscope agent, unexpected processes being spawned by the agent's service, and anomalous commands in Lanscope management logs. Implement enhanced monitoring rules in SIEM and EDR solutions to detect suspicious activity related to the Lanscope agent processes.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the attack surface. Use host-based firewalls on endpoints to restrict inbound connections to the Lanscope agent's listening ports, allowing communication only from trusted management servers. Employ network segmentation to prevent untrusted network segments from being able to reach endpoints directly.

Public Exploit Available: false

This vulnerability represents a critical and immediate threat to the organization. Due to the 9.8 CVSS score, organizations must prioritize the immediate identification and patching of all affected Lanscope Endpoint Manager agents. Although this CVE is not currently on the CISA KEV list, its severity makes it a prime candidate for future inclusion. All system owners should apply the vendor-supplied updates without delay to prevent a potential full-scale compromise of the endpoint environment.