CVE-2019-10882

Netskope client buffer overflow vulnerability

CVSS 5.5 MEDIUMEPSS 0.4%CWE-120

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

26 sep 2019Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Productos afectados

Netskope · Netskope client

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://airbus-seclab.github.io/advisories/netskope.html https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client