CVE-2023-37244
5.3
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| N-Able | AutomationManagerAgent | 0 <= 2.80.0.1 | affected |
Weaknesses
- CWE-362: CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.