CVE-2019-12091

Опубликовано: 26 сент. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.

Ссылки

https://airbus-seclab.github.io/advisories/netskope.html
Third Party Advisory
https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
Permissions Required
Release Notes
Vendor Advisory
https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
Permissions Required
Vendor Advisory
https://airbus-seclab.github.io/advisories/netskope.html
Third Party Advisory
https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
Permissions Required
Release Notes
Vendor Advisory
https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
Permissions Required
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*

Версия от 57 (включая) до 57.2.0.219 (исключая)

cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*

Версия от 60 (включая) до 60.2.0.214 (исключая)

EPSS

Процентиль: 44%

0.00212

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-h567-88r9-48gj

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 44%

0.00212

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-78