CVE-2019-12091

Netskope client command injections vulnerability

CVSS 7.8 HIGHEPSS 0.9%CWE-78

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.8EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

26 sep 2019Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Netskope · Netskope client

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://airbus-seclab.github.io/advisories/netskope.html https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client