Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2019-12091
PUBLISHED
More InfoOfficial Page
Assigner-airbus
Assigner Org ID-24a3c815-5f22-4d74-967a-30958d6466f4
View Known Exploited Vulnerability (KEV) details
Published At-26 Sep, 2019 | 15:18
Updated At-04 Aug, 2024 | 23:10
Rejected At-
▼CVE Numbering Authority (CNA)
Netskope client command injections vulnerability

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.

Affected Products
Vendor
Netskope
Product
Netskope client
Platforms
  • x86
Versions
Affected
  • From 57 before Netskope client* (custom)
    • -> unaffectedfrom62
Unaffected
  • Netskope client 60.2.0.214
  • Netskope client 57.2.0.219
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Command injection
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Command injection
Metrics
VersionBase scoreBase severityVector
3.07.8HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.0
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client.

Configurations
Workarounds
Exploits
Credits
Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
x_refsource_CONFIRM
https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
x_refsource_CONFIRM
https://airbus-seclab.github.io/advisories/netskope.html
x_refsource_MISC
Hyperlink: https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
Resource:
x_refsource_CONFIRM
Hyperlink: https://airbus-seclab.github.io/advisories/netskope.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
x_refsource_CONFIRM
x_transferred
https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
x_refsource_CONFIRM
x_transferred
https://airbus-seclab.github.io/advisories/netskope.html
x_refsource_MISC
x_transferred
Hyperlink: https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://airbus-seclab.github.io/advisories/netskope.html
Resource:
x_refsource_MISC
x_transferred
Details not found