The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: airbus
Published: 2019-09-26T15:18:00
Updated: 2024-08-04T23:10:30.196Z
Reserved: 2019-05-14T00:00:00
Link: CVE-2019-12091
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-09-26T16:15:11.003
Modified: 2024-11-21T04:22:11.063
Link: CVE-2019-12091
Redhat
No data.