CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28872
https://notcve.org/view.php?id=CVE-2023-28872
25 Dec 2023 — Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. Support Assistant en NCP Secure Enterprise Client anterior a 13.10 permite a los atacantes ejecutar archivos DLL con privilegios de SYSTEM creando un enlace simbólico desde una ubicación %LOCALAPPDATA%\Temp\NcpSupport*. • https://herolab.usd.de/en/security-advisories/usd-2022-0006 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28868
https://notcve.org/view.php?id=CVE-2023-28868
09 Dec 2023 — Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. Support Assistant en NCP Secure Enterprise Client anterior a 12.22 permite a los atacantes eliminar archivos arbitrarios en el sistema operativo mediante la creación de un enlace simbólico. • https://herolab.usd.de/en/security-advisories/usd-2022-0002 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28869
https://notcve.org/view.php?id=CVE-2023-28869
09 Dec 2023 — Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. Support Assistant en NCP Secure Enterprise Client anterior a 12.22 permite a los atacantes leer el contenido de archivos arbitrarios en el sistema operativo mediante la creación de un enlace simbólico. • https://herolab.usd.de/en/security-advisories/usd-2022-0003 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28870
https://notcve.org/view.php?id=CVE-2023-28870
09 Dec 2023 — Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. Los permisos de archivos inseguros en Support Assistant en NCP Secure Enterprise Client anterior a 12.22 permiten a los atacantes escribir en archivos de configuración desde cuentas de usuarios con pocos privilegios. • https://herolab.usd.de/en/security-advisories/usd-2022-0004 • CWE-276: Incorrect Default Permissions •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28871
https://notcve.org/view.php?id=CVE-2023-28871
09 Dec 2023 — Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. Support Assistant en NCP Secure Enterprise Client anterior a 12.22 permite a los atacantes leer información de registro del sistema operativo mediante la creación de un enlace simbólico. • https://herolab.usd.de/en/security-advisories/usd-2022-0005 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11474
https://notcve.org/view.php?id=CVE-2020-11474
28 Jul 2020 — NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. NCP Secure Enterprise Client versiones anteriores a 10.15 r47589, permite un ataque de enlace simbólico en enumusb.reg por medio del Support Assistant • https://herolab.usd.de/security-advisories • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-17023
https://notcve.org/view.php?id=CVE-2017-17023
09 Apr 2019 — The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_3179... • https://www.ncp-e.com/en/resources/download-vpn-client/#c8680 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2010-5203
https://notcve.org/view.php?id=CVE-2010-5203
06 Sep 2012 — Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party information. Múlt... • http://secunia.com/advisories/41388 •