CVE-2019-12091

Name of the Vulnerable Software and Affected Versions Netskope client service versions 57 before 57.2.0.219 Netskope client service versions 60 before 60.2.0.214

Description The issue concerns a command injection vulnerability in the connection handling function of the Netskope client service. This vulnerability allows local users to execute code with NTSYSTEM privilege, given that the service runs with this privilege and accepts network connections from localhost.

Recommendations For versions 57 before 57.2.0.219, update to version 57.2.0.219 or later to resolve the issue. For versions 60 before 60.2.0.214, update to version 60.2.0.214 or later to resolve the issue.