Vulnerabilities > NCP E

DATE CVE VULNERABILITY TITLE RISK
2023-12-25 CVE-2023-28872 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15/12.22
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.
network
low complexity
ncp-e CWE-59
8.8
2023-12-09 CVE-2023-28868 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
8.1
2023-12-09 CVE-2023-28869 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
6.5
2023-12-09 CVE-2023-28870 Incorrect Default Permissions vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts.
network
low complexity
ncp-e CWE-276
6.5
2023-12-09 CVE-2023-28871 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.
network
low complexity
ncp-e CWE-59
4.3
2020-07-28 CVE-2020-11474 Link Following vulnerability in Ncp-E Secure Enterprise Client 10.14/10.15
NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant.
local
low complexity
ncp-e CWE-59
4.6
2019-04-09 CVE-2017-17023 Insufficient Verification of Data Authenticity vulnerability in multiple products
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com).
network
ncp-e sophos CWE-345
critical
9.3
2012-09-06 CVE-2010-5203 Unspecified vulnerability in Ncp-E products
Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file.
local
ncp-e
6.9