CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.
• https://www.netskope.com
• https://www.netskope.com/company/security-compliance-and-assurance/release-78-security-advisory-nskpsa2020-001
• CWE-269: Improper Privilege Management

CVSS: 9.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, leading to compromise of the admin's system.
• http://the-it-wonders.blogspot.com/2020/11/netskope-csv-injection-in-admin-ui.html
• CWE-1236: Improper Neutralization of Formula Elements in a CSV File

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.
• https://airbus-seclab.github.io/advisories/netskope.html
• https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
• https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack-based buffer overflow in the "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.
• https://airbus-seclab.github.io/advisories/netskope.html
• https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
• https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-787: Out-of-bounds Write