Airbus security lab publications

CVE-2019-12091

Description:

The Netskope client service, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.

Vulnerability type:

CWE-78 Command injection

Vendor of Product:

Netskope

Affected Product Code Base:

Affected Component:

Netskope Client on Windows

Attack Type:

Local

Impact Code execution:

Yes

Attack Vectors:

An authenticated user can interact with the Netskope Client service through a local network socket and trigger a command injection.

Reference:

Discoverer:

Julien Lenoir, Benoit Camredon, Mouad Abouhali from Airbus Security Lab.

CVE-2019-10882

Description:

The Netskope client service, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack-based buffer overflow in the doHandshakefromServer function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.

Vulnerability type:

Stack-based buffer overflow

Vendor of Product:

Netskope

Affected Product Code Base:

Affected Component:

Netskope Client on Windows

Attack Type:

Local

CVE Impact:

Memory corruption and denial of service

Attack Vectors:

An authenticated user can interact with the Netskope Client service through a local network socket and trigger a command injection.

Reference:

Discoverer:

Julien Lenoir, Benoit Camredon, Mouad Abouhali from Airbus Security Lab.