3lp4tr0n

1 exploit Active since Sep 2023
CVE-2023-27470 NOMISEC HIGH WORKING POC
N-able Take Control < 7.0.43 - Arbitrary File Deletion via TOCTOU Race Condition in BASupSrvcUpdater.exe
BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.
11 stars
CVSS 7.0