Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2019-10882
PUBLISHED
More InfoOfficial Page
Assigner-airbus
Assigner Org ID-24a3c815-5f22-4d74-967a-30958d6466f4
View Known Exploited Vulnerability (KEV) details
Published At-26 Sep, 2019 | 15:16
Updated At-16 Sep, 2024 | 23:00
Rejected At-
▼CVE Numbering Authority (CNA)
Netskope client buffer overflow vulnerability

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.

Affected Products
Vendor
Netskope
Product
Netskope client
Platforms
  • x86
Versions
Affected
  • From 54 before Netskope client* (custom)
    • -> unaffectedfrom62
Unaffected
  • Netskope client 57.2.0.219
  • Netskope client 60.2.0.214
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client.

Configurations
Workarounds
Exploits
Credits
Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
x_refsource_CONFIRM
https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
x_refsource_CONFIRM
https://airbus-seclab.github.io/advisories/netskope.html
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
x_refsource_CONFIRM
x_transferred
https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
x_refsource_CONFIRM
x_transferred
https://airbus-seclab.github.io/advisories/netskope.html
x_refsource_MISC
x_transferred
Details not found