Vulnerability Details CVE-2019-10882
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 7.2
References
- https://airbus-seclab.github.io/advisories/netskope.html
- https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
- https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
- https://airbus-seclab.github.io/advisories/netskope.html
- https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
- https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client