CVE-2023-37244

Name of the Vulnerable Software and Affected Versions AutomationManager.AgentService.exe versions prior to 2.91.0.0

Description The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:ProgramDataN-Able TechnologiesAutomationManagerTemp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions.

Recommendations For versions prior to 2.91.0.0, upgrade to version 2.91.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the Temp directory at C:ProgramDataN-Able TechnologiesAutomationManagerTemp to minimize the risk of exploitation.