What is CVE-2019-12091?

CVE-2019-12091 is a vulnerability in the Netskope client service that allows local users to execute arbitrary commands with NT\SYSTEM privilege.

How severe is CVE-2019-12091?

CVE-2019-12091 has a severity rating of 7.8 (high).

Which versions of Netskope are affected by CVE-2019-12091?

CVE-2019-12091 affects Netskope client service versions 57 before 57.2.0.219 and versions 60 before 60.2.0.214.

How can local users exploit CVE-2019-12091?

Local users can exploit CVE-2019-12091 to execute arbitrary commands by leveraging the command injection vulnerability in the Netskope client service.

Where can I find more information about CVE-2019-12091?

You can find more information about CVE-2019-12091 in the following references: [1] [2] [3]

Vulnerability/
CVE-2019-12091

high

7.8

CWE

78 77

26/9/2019

4/8/2024

CVE-2019-12091: Netskope client command injections vulnerability

First published: Thu Sep 26 2019(Updated: )

The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.

Credit: cert@airbus.com

Affected Software	Affected Version	How to fix
Netskope	>=57<57.2.0.219
Netskope	>=60<60.2.0.214

Remedy

Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-12091?
CVE-2019-12091 is a vulnerability in the Netskope client service that allows local users to execute arbitrary commands with NT\SYSTEM privilege.
How severe is CVE-2019-12091?
CVE-2019-12091 has a severity rating of 7.8 (high).
Which versions of Netskope are affected by CVE-2019-12091?
CVE-2019-12091 affects Netskope client service versions 57 before 57.2.0.219 and versions 60 before 60.2.0.214.
How can local users exploit CVE-2019-12091?
Local users can exploit CVE-2019-12091 to execute arbitrary commands by leveraging the command injection vulnerability in the Netskope client service.
Where can I find more information about CVE-2019-12091?
You can find more information about CVE-2019-12091 in the following references: [1] [2] [3]

agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/references
agent/author
agent/severity
agent/remedy
agent/title
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/netskope
canonical/netskope
version/netskope/57
version/netskope/60

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.