Lucene search
MitreCVE-2023-27470HistorySep 11, 2023 - 3:15 p.m.
CVE-2023-27470
2023-09-1115:15:52
CWE-367
mitre
web.nvd.nist.gov
69
cve-2023-27470
n-able
take control agent
toctou
race condition
arbitrary file deletion
security vulnerability
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
6.8
Confidence
High
EPSS
0
Percentile
9.0%
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.
Affected configurations
Node
n-abletake_controlRange<7.0.43
microsoftwindowsMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| n-able | take_control | * | cpe:2.3:a:n-able:take_control:*:*:*:*:*:*:*:* |
| microsoft | windows | - | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* |
Related
githubexploit
githubexploit
nvd
nvd
CVE-2023-27470
2023-09-11 15:15:52
prion
prion
Race condition
2023-09-11 15:15:00
thn
thn
vulnrichment
vulnrichment
CVE-2023-27470
2023-09-11 00:00:00
cvelist
cvelist
CVE-2023-27470
2023-09-11 00:00:00
CVSS3
7
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
6.8
Confidence
High
EPSS
0
Percentile
9.0%
Related for CVE-2023-27470