Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-37244

Опубликовано: 02 мая 2024
Источник: nvd
CVSS3: 5.3
CVSS3: 7
EPSS Низкий

Описание

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:n-able:automation_manager:*:*:*:*:*:*:*:*
Версия до 2.91.0.0 (исключая)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 26%
0.00093
Низкий

5.3 Medium

CVSS3

7 High

CVSS3

Дефекты

CWE-362

Связанные уязвимости

github логотип

GHSA-5464-6852-r995

CVSS3: 5.3
github
почти 2 года назад

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0

EPSS

Процентиль: 26%
0.00093
Низкий

5.3 Medium

CVSS3

7 High

CVSS3

Дефекты

CWE-362