Vulnerabilities (CVE)

Filtered by vendor Ncp-e Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28871 1 Ncp-e 1 Secure Enterprise Client 2024-02-28 N/A 4.3 MEDIUM
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link.
CVE-2023-28869 1 Ncp-e 1 Secure Enterprise Client 2024-02-28 N/A 6.5 MEDIUM
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link.
CVE-2023-28872 1 Ncp-e 1 Secure Enterprise Client 2024-02-28 N/A 8.8 HIGH
Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location.
CVE-2023-28868 1 Ncp-e 1 Secure Enterprise Client 2024-02-28 N/A 8.1 HIGH
Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link.
CVE-2023-28870 1 Ncp-e 1 Secure Enterprise Client 2024-02-28 N/A 6.5 MEDIUM
Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts.
CVE-2020-11474 1 Ncp-e 1 Secure Enterprise Client 2024-02-28 4.6 MEDIUM 7.8 HIGH
NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant.
CVE-2017-17023 2 Ncp-e, Sophos 2 Ncp Secure Entry Client, Ipsec Client 2024-02-28 9.3 HIGH 8.1 HIGH
The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.
CVE-2010-5203 1 Ncp-e 3 Secure Client, Secure Enterprise Client, Secure Entry Client 2024-02-28 6.9 MEDIUM N/A
Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party information.