PT-2019-12635 · Netskope · Netskope Client Service

Published

2019-09-26

Updated

2019-10-09

CVE-2019-12091

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Netskope client service versions 57 before 57.2.0.219 Netskope client service versions 60 before 60.2.0.214

Description The issue concerns a command injection vulnerability in the connection handling function of the Netskope client service. This vulnerability allows local users to execute code with NTSYSTEM privilege, given that the service runs with this privilege and accepts network connections from localhost.

Recommendations For versions 57 before 57.2.0.219, update to version 57.2.0.219 or later to resolve the issue. For versions 60 before 60.2.0.214, update to version 60.2.0.214 or later to resolve the issue.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2019-12091

Affected Products

Netskope Client Service

PT-2019-12635 · Netskope · Netskope Client Service

CVE-2019-12091

Weakness Enumeration

Related Identifiers

Affected Products

References · 5