CVE-2023-27470

Description

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion.

NVD

Severity: HIGH
CVE ID: CVE-2023-27470
CVSS Score: 7.0
CVSS Metrics: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Refrence: NVDMITRE

Proof Of Concept

3lp4tr0n

Refrence: GitHub