Vulnerabilities > NCP E
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-25 | CVE-2023-28872 | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15/12.22 Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. | 8.8 |
2023-12-09 | CVE-2023-28868 | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. | 8.1 |
2023-12-09 | CVE-2023-28869 | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. | 6.5 |
2023-12-09 | CVE-2023-28870 | Incorrect Default Permissions vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15 Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | 6.5 |
2023-12-09 | CVE-2023-28871 | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15 Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. | 4.3 |
2020-07-28 | CVE-2020-11474 | Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15 NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. | 7.8 |
2019-04-09 | CVE-2017-17023 | Insufficient Verification of Data Authenticity vulnerability in multiple products The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). | 8.1 |