cnvd - cnvd-2019-43359

CNVD-2019-43359

Vulnerability from cnvd - Published: 2019-12-02

Title

Netskope Client命令注入漏洞

Description

Netskope Client是美国Netskope公司的一款用于连接管理Netskope云平台的客户端程序。 Netskope Client 57.2.0.219之前的57版本和60.2.0.214之前的60版本中的连接处理功能存在命令注入漏洞。该漏洞源于外部输入数据构造可执行命令过程中，网络系统或产品未正确过滤其中的特殊元素。攻击者可利用该漏洞执行非法命令。

Severity

高

Patch Name

Netskope Client命令注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.netskope.com

Reference

https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client

Impacted products

Name
['Netskope Netskope Client 57;<57.2.0.219', 'Netskope Netskope Client 60;<60.2.0.214']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-12091",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-12091"
    }
  },
  "description": "Netskope Client\u662f\u7f8e\u56fdNetskope\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u8fde\u63a5\u7ba1\u7406Netskope\u4e91\u5e73\u53f0\u7684\u5ba2\u6237\u7aef\u7a0b\u5e8f\u3002\n\nNetskope Client 57.2.0.219\u4e4b\u524d\u768457\u7248\u672c\u548c60.2.0.214\u4e4b\u524d\u768460\u7248\u672c\u4e2d\u7684\u8fde\u63a5\u5904\u7406\u529f\u80fd\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.netskope.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-43359",
  "openTime": "2019-12-02",
  "patchDescription": "Netskope Client\u662f\u7f8e\u56fdNetskope\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u8fde\u63a5\u7ba1\u7406Netskope\u4e91\u5e73\u53f0\u7684\u5ba2\u6237\u7aef\u7a0b\u5e8f\u3002\r\n\r\nNetskope Client 57.2.0.219\u4e4b\u524d\u768457\u7248\u672c\u548c60.2.0.214\u4e4b\u524d\u768460\u7248\u672c\u4e2d\u7684\u8fde\u63a5\u5904\u7406\u529f\u80fd\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u53ef\u6267\u884c\u547d\u4ee4\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u975e\u6cd5\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Netskope Client\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Netskope Netskope Client 57;\u003c57.2.0.219",
      "Netskope Netskope Client 60;\u003c60.2.0.214"
    ]
  },
  "referenceLink": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client",
  "serverity": "\u9ad8",
  "submitTime": "2019-10-08",
  "title": "Netskope Client\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2019-12091 (GCVE-0-2019-12091)

Vulnerability from cvelistv5 – Published: 2019-09-26 15:18 – Updated: 2024-08-04 23:10

Summary

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.

Severity ?

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-78 - Command injection

Assigner

airbus

References

URL

Tags

	https://support.netskope.com/hc/article_attachmen…	x_refsource_CONFIRM
	https://support.netskope.com/hc/en-us/articles/36…	x_refsource_CONFIRM
	https://airbus-seclab.github.io/advisories/netsko…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Netskope	Netskope client	Unaffected: Netskope client 60.2.0.214 Unaffected: Netskope client 57.2.0.219 Affected: 57 , < Netskope client* (custom)

Credits

Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:10:30.196Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://airbus-seclab.github.io/advisories/netskope.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "x86"
          ],
          "product": "Netskope client",
          "vendor": "Netskope",
          "versions": [
            {
              "status": "unaffected",
              "version": "Netskope client 60.2.0.214"
            },
            {
              "status": "unaffected",
              "version": "Netskope client 57.2.0.219"
            },
            {
              "changes": [
                {
                  "at": "62",
                  "status": "unaffected"
                }
              ],
              "lessThan": "Netskope client*",
              "status": "affected",
              "version": "57",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\\SYSTEM privilege."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Command injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-26T15:18:00",
        "orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
        "shortName": "airbus"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://airbus-seclab.github.io/advisories/netskope.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219.  Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Netskope client command injections vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.6"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@airbus.com",
          "ID": "CVE-2019-12091",
          "STATE": "PUBLIC",
          "TITLE": "Netskope client command injections vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Netskope client",
                      "version": {
                        "version_data": [
                          {
                            "platform": "x86",
                            "version_affected": "\u003e=",
                            "version_name": "Netskope client",
                            "version_value": "57"
                          },
                          {
                            "platform": "x86",
                            "version_affected": "\u003c",
                            "version_name": "Netskope client",
                            "version_value": "62"
                          },
                          {
                            "platform": "x86",
                            "version_affected": "!",
                            "version_name": "Netskope client",
                            "version_value": "60.2.0.214"
                          },
                          {
                            "platform": "x86",
                            "version_affected": "!",
                            "version_name": "Netskope client",
                            "version_value": "57.2.0.219"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Netskope"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\\SYSTEM privilege."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.6"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 Command injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf",
              "refsource": "CONFIRM",
              "url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
            },
            {
              "name": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client",
              "refsource": "CONFIRM",
              "url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
            },
            {
              "name": "https://airbus-seclab.github.io/advisories/netskope.html",
              "refsource": "MISC",
              "url": "https://airbus-seclab.github.io/advisories/netskope.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219.  Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client."
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
    "assignerShortName": "airbus",
    "cveId": "CVE-2019-12091",
    "datePublished": "2019-09-26T15:18:00",
    "dateReserved": "2019-05-14T00:00:00",
    "dateUpdated": "2024-08-04T23:10:30.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-43359

CVE-2019-12091 (GCVE-0-2019-12091)

Tags

Sightings

Nomenclature