CVE-2019-12091
Netskope client command injections vulnerability
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.
El servicio cliente Netskope, v57 versiones anteriores a 57.2.0.219 y v60 versiones anteriores a 60.2.0.214, ejecutado con privilegio NT\SYSTEM, acepta conexiones de red de localhost. La función de manejo de conexión en este servicio sufre de vulnerabilidad de inyección de comando. Los usuarios locales pueden usar esta vulnerabilidad para ejecutar código con privilegio NT\SYSTEM.
*Credits:
Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-05-14 CVE Reserved
- 2019-09-26 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://airbus-seclab.github.io/advisories/netskope.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netskope Search vendor "Netskope" | Netskope Search vendor "Netskope" for product "Netskope" | >= 57 < 57.2.0.219 Search vendor "Netskope" for product "Netskope" and version " >= 57 < 57.2.0.219" | - |
Affected
| ||||||
| Netskope Search vendor "Netskope" | Netskope Search vendor "Netskope" for product "Netskope" | >= 60 < 60.2.0.214 Search vendor "Netskope" for product "Netskope" and version " >= 60 < 60.2.0.214" | - |
Affected
| ||||||