CVE-2019-10882 Vulnerability Details

  /     /     /  

CVE-2019-10882 Metadata Quick Info

CVE Published: 26/09/2019 | CVE Updated: 16/09/2024 | CVE Year: 2019
Source: airbus | Vendor: Netskope | Product: Netskope client
Status : PUBLISHED

---

CVE-2019-10882 Description

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-120
CWE Name: CWE-120 Buffer Overflow
Source: Netskope

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).