CVE-2023-27470

HIGH

N-able Take Control < 7.0.43 - Arbitrary File Deletion via TOCTOU Race Condition in BASupSrvcUpdater.exe

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-27470. PoCs published by 3lp4tr0n.

AI-analyzed exploit summary This repository contains a functional proof-of-concept for CVE-2023-27470, demonstrating an arbitrary file deletion vulnerability that can lead to local privilege escalation (LPE). The code monitors and deletes files in a specific directory, which can be exploited to escalate privileges by deleting critical system files.

Description

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.

Exploits (1)

nomisec WORKING POC 11 stars
by 3lp4tr0n · poc
https://github.com/3lp4tr0n/CVE-2023-27470_Exercise

This repository contains a functional proof-of-concept for CVE-2023-27470, demonstrating an arbitrary file deletion vulnerability that can lead to local privilege escalation (LPE). The code monitors and deletes files in a specific directory, which can be exploited to escalate privileges by deleting critical system files.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Windows systems with vulnerable file deletion mechanisms
Auth required
Prerequisites: Elevated account to run the executable · Access to the target directory (C:\programdata\PushUpdates\*)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 7.0
EPSS 0.0054
EPSS Percentile 40.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-367
Status published
Products (1)
n-able/take_control < 7.0.43
Published Sep 11, 2023
Tracked Since Feb 18, 2026