← Volver a CVEs

CVE-2019-10882

HIGH

7.8

Descripcion

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.

Detalles CVE

Puntuacion CVSS v3.17.8

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vector de ataqueLOCAL

ComplejidadLOW

Privilegios requeridosLOW

Interaccion usuarioNONE

Publicado9/26/2019

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

netskope:netskope

Debilidades (CWE)

CWE-120CWE-787

Referencias

https://airbus-seclab.github.io/advisories/netskope.html(cert@airbus.com)

https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf(cert@airbus.com)

https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client(cert@airbus.com)

https://airbus-seclab.github.io/advisories/netskope.html(af854a3a-2127-422b-91ae-364da2661108)

https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.