CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37244 – Privilege escalation in N-Able's AutomationManagerAgent
https://notcve.org/view.php?id=CVE-2023-37244
02 May 2024 — The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0 La aplicación AutomationManager.AgentService.exe afectada contiene una vulnerabilidad de condición de ejecución TOCTOU que permite a los u... • https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0016.md • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •