CVE-2019-10882

Опубликовано: 26 сент. 2019

Источник: nvd

CVSS3: 5.5

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.

Ссылки

https://airbus-seclab.github.io/advisories/netskope.html
Third Party Advisory
https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
Permissions Required
Release Notes
Vendor Advisory
https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
Permissions Required
Vendor Advisory
https://airbus-seclab.github.io/advisories/netskope.html
Third Party Advisory
https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
Permissions Required
Release Notes
Vendor Advisory
https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
Permissions Required
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*

Версия от 57 (включая) до 57.2.0.219 (исключая)

cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*

Версия от 60 (включая) до 60.2.0.214 (исключая)

EPSS

Процентиль: 15%

0.00047

Низкий

5.5 Medium

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-120

CWE-787

Связанные уязвимости

GHSA-p778-fw7q-x2mr

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 15%

0.00047

Низкий

5.5 Medium

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-120

CWE-787