Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege escalation in N-Able's AutomationManagerAgent
Vulnerability Description
The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Vulnerability Title
N‑able N-Central 安全漏洞
Vulnerability Description
N‑able N-Central是N‑able公司的一个功能强大、可定制的远程监控和管理平台。 N‑able N-Central存在安全漏洞,该漏洞源于AutomationManager.AgentService.exe 应用程序包含 TOCTOU 竞争条件,允许标准用户创建伪符号链接,攻击者利用该漏洞可以操纵进程执行任意文件删除。
CVSS Information
N/A
Vulnerability Type
N/A