CVE-2019-12091

Netskope client command injections vulnerability

Description

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.

Remediation

Solution:

Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client.

References

Link	Tags
https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf	release notes permissions required vendor advisory
https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client	permissions required vendor advisory
https://airbus-seclab.github.io/advisories/netskope.html	third party advisory

Frequently Asked Questions

What is the severity of CVE-2019-12091?: CVE-2019-12091 has been scored as a high severity vulnerability.
How to fix CVE-2019-12091?: To fix CVE-2019-12091: Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client.
Is CVE-2019-12091 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2019-12091 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-12091?: CVE-2019-12091 affects Netskope Netskope client.

Description

Remediation

Category

CWE-78 – Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

References

Frequently Asked Questions