CVE-2023-28872
https://notcve.org/view.php?id=CVE-2023-28872
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. Support Assistant en NCP Secure Enterprise Client anterior a 13.10 permite a los atacantes ejecutar archivos DLL con privilegios de SYSTEM creando un enlace simbólico desde una ubicación %LOCALAPPDATA%\Temp\NcpSupport*. • https://herolab.usd.de/en/security-advisories/usd-2022-0006 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-28868
https://notcve.org/view.php?id=CVE-2023-28868
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. Support Assistant en NCP Secure Enterprise Client anterior a 12.22 permite a los atacantes eliminar archivos arbitrarios en el sistema operativo mediante la creación de un enlace simbólico. • https://herolab.usd.de/en/security-advisories/usd-2022-0002 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-28870
https://notcve.org/view.php?id=CVE-2023-28870
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. Los permisos de archivos inseguros en Support Assistant en NCP Secure Enterprise Client anterior a 12.22 permiten a los atacantes escribir en archivos de configuración desde cuentas de usuarios con pocos privilegios. • https://herolab.usd.de/en/security-advisories/usd-2022-0004 • CWE-276: Incorrect Default Permissions •
CVE-2023-28871
https://notcve.org/view.php?id=CVE-2023-28871
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. Support Assistant en NCP Secure Enterprise Client anterior a 12.22 permite a los atacantes leer información de registro del sistema operativo mediante la creación de un enlace simbólico. • https://herolab.usd.de/en/security-advisories/usd-2022-0005 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2023-28869
https://notcve.org/view.php?id=CVE-2023-28869
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. Support Assistant en NCP Secure Enterprise Client anterior a 12.22 permite a los atacantes leer el contenido de archivos arbitrarios en el sistema operativo mediante la creación de un enlace simbólico. • https://herolab.usd.de/en/security-advisories/usd-2022-0003 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •