Tanium Endpoint Configuration Toolset Solution and EUSS Arbitrary File Deletion Vulnerability

An arbitrary file deletion vulnerability has been identified in Tanium's Endpoint Configuration Toolset Solution and the End User Notification component of the Tanium Endpoint User Support Services (EUSS). This vulnerability affects Tanium Clients running versions 7.4 and 7.5, as well as specific versions of the Endpoint Configuration Toolset Solution and Tanium EUSS. The vulnerability could allow an attacker to delete files or folders they should not have access to.

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of files or folders on systems running the Tanium Client.

Remediation

Users can upgrade to Tanium Endpoint Configuration Toolset Solution version 1.40.42 or later, or Tanium EUSS version 1.17.41 or 1.18.28 or later, depending on their current version. Tanium on-prem customers who use ECM should deploy specific Manifests to all endpoints. Tanium Cloud customers who use ECM should also deploy one of the specified Manifests to all endpoints.