PT-2019-8172 · Sophos (+1) · Sophos Ipsec Client (+1)

Published: 2019-04-09 · Updated: 2019-10-03 · CVE-2017-17023

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Sophos IPSec Client version 11.04
NCP Secure Entry Client version 10.11 r32792

Description
A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This issue arises because the VPN client requests update metadata over an insecure HTTP connection and does not check if the software update is signed before running it. The affected client software is related to SIC V11.04-64.exe, NCP EntryCl Windows x86 1004 31799.exe, and ncpmon.exe.

Recommendations
For Sophos IPSec Client version 11.04, consider disabling the software update feature until a patch is available. For NCP Secure Entry Client version 10.11 r32792, restrict access to the update metadata to minimize the risk of exploitation. As a temporary workaround, avoid using the software update feature in the affected VPN client until the issue is resolved.
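The two checks the advisory says are missing (metadata only over a protected channel, and a signature verified before anything is executed) can be seen together in the following update verifier. It is an added example, not code from the advisory or from either vendor's client; the manifest layout, the field names and the use of an Ed25519 vendor key pinned in the client are assumptions for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// Manifest is a hypothetical update-metadata record; the whole record is signed.
type Manifest struct {
	Version string `json:"version"`
	URL     string `json:"url"`    // where the installer is downloaded from
	SHA256  string `json:"sha256"` // hex SHA-256 of that installer
}

// VerifyUpdate returns nil only when the metadata came over HTTPS, the manifest
// carries a valid Ed25519 signature from the vendor key shipped with the client,
// and the downloaded installer hashes to the value in the signed manifest.
func VerifyUpdate(metadataURL string, manifest, sig, installer []byte, vendorKey ed25519.PublicKey) error {
	u, err := url.Parse(metadataURL)
	if err != nil || u.Scheme != "https" {
		return errors.New("update metadata must be fetched over https")
	}
	if !ed25519.Verify(vendorKey, manifest, sig) {
		return errors.New("manifest signature invalid")
	}
	var m Manifest
	if err := json.Unmarshal(manifest, &m); err != nil {
		return fmt.Errorf("bad manifest: %w", err)
	}
	sum := sha256.Sum256(installer)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("installer hash does not match signed manifest")
	}
	return nil
}

func main() {
	// Constructed demo data: a throwaway vendor key pair and a fake installer.
	pub, priv, _ := ed25519.GenerateKey(nil)
	installer := []byte("MZ fake installer bytes")
	sum := sha256.Sum256(installer)
	manifest, _ := json.Marshal(Manifest{Version: "11.04", URL: "https://updates.example/x.exe", SHA256: hex.EncodeToString(sum[:])})
	sig := ed25519.Sign(priv, manifest)
	fmt.Println("genuine:", VerifyUpdate("https://updates.example/meta.json", manifest, sig, installer, pub))
}
```

An installer swapped on the wire fails the hash check, a forged or edited manifest fails the signature check, and plain-HTTP metadata is refused before either check runs.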

Fix

Insufficient Verification of Data Authenticity


Weakness Enumeration

Related identifiers

CVE-2017-17023

Affected products

Ncp Secure Entry Client
Sophos Ipsec Client