Weak Link in Take Control Agent: from Deleting Files to a security risk

A CVSS score of 8.8 makes you wonder if you have the latest updates installed.

A critical vulnerability has been identified in the Take Control Agent program from N-able. It allows an attacker with the local rights of an unprivileged user to gain SYSTEM privileges. The vulnerability is tracked as CVE-2023-27470 and has a CVSS risk rating of 8.8.

Take Control Agent is used to provide remote technical support and management of computer systems. This utility allows IT professionals to instantly connect to workstations or servers to solve problems, update software, or perform other support and administration tasks.

The identified problem belongs to the TOCTOU (Time-of-Check to Time-of-Use) class of software errors. If successfully exploited in Take Control Agent, it can be used to delete arbitrary files on a Windows system.

The vulnerability affects Take Control Agent versions 7.0.41.1141 and earlier. It was fixed in version 7.0.43, released on March 15, 2023. Mandiant responsibly disclosed the vulnerability to the development team on February 27, 2023.

TOCTOU is a type of vulnerability in which the program checks the state of a resource for a specific value, but this value changes before it is actually used. Exploiting such a vulnerability can lead to a violation of the system integrity and unauthorized actions.

According to Mandiant, the vulnerability stems from a race condition in Take Control Agent between the logging of multiple file deletion events and each deletion action from a specific folder. "A process can accidentally delete files by acting on behalf of the NT AUTHORITY\SYSTEM system account," said Andrew Olivo, a security researcher at Mandiant.

Moreover, deleting arbitrary files can be used to gain elevated privileges, potentially leading to malicious code execution. Olivo added that file deletion attacks are no longer limited to denial-of-service attacks and can actually serve as a means to execute code with elevated privileges.

Thus, a seemingly insignificant process of logging and deleting events in an insecure folder can allow an attacker to create false symbolic links and deceive the system.

Although the vulnerability was fixed back in March, users of this software should make sure that they are running the most up-to-date version.

We regularly report on the exploitation of vulnerabilities that were fixed a year or more ago but are still actively used by attackers because users are in no hurry to update. This is a very relevant and widespread problem in our time.
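The log-then-delete race described above, generalized to a POSIX illustration of the TOCTOU pattern (an added example, not code from the original post, N-able or Mandiant): the first routine checks and deletes by path, while the second pins the folder with a descriptor so the check and the delete act on the same directory. The `log` callback, file names and temporary layout are constructed for the demonstration.

```python
# Added illustration, POSIX only. All names and paths here are constructed.
import os, shutil, stat, tempfile

def naive_cleanup(folder, log):
    """Check, log, then delete by path: the path is resolved again at delete time."""
    for name in os.listdir(folder):
        path = os.path.join(folder, name)
        if os.path.isfile(path) and not os.path.islink(path):  # time of check
            log(path)                                          # race window
            os.remove(path)                                    # time of use

def safe_cleanup(folder, log):
    """Pin the folder with one descriptor; check and delete relative to it."""
    dfd = os.open(folder, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        for name in os.listdir(dfd):
            st = os.stat(name, dir_fd=dfd, follow_symlinks=False)
            if stat.S_ISREG(st.st_mode):
                log(os.path.join(folder, name))
                os.unlink(name, dir_fd=dfd)  # same directory object that was checked
    finally:
        os.close(dfd)

def protected_file_survives(cleanup):
    """Constructed scenario: the folder name is re-pointed while the log step runs."""
    base = tempfile.mkdtemp()
    work, protected = os.path.join(base, "work"), os.path.join(base, "protected")
    for d in (work, protected):
        os.mkdir(d)
        open(os.path.join(d, "settings.dat"), "w").close()

    def log_during_swap(path):
        if not os.path.islink(work):
            os.rename(work, work + ".old")
            os.symlink(protected, work)

    try:
        cleanup(work, log_during_swap)
        return os.path.exists(os.path.join(protected, "settings.dat"))
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print("naive:", protected_file_survives(naive_cleanup))
    print("safe: ", protected_file_survives(safe_cleanup))
```

The same principle applies on Windows: a privileged process should open a handle once and act on that handle rather than resolving the path a second time.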
 