N-Able's Take Control Agent Vulnerability Exposes Windows Systems to Privilege Escalation


N-Able's Take Control Agent contains a high-severity security flaw that could allow a local, unauthorized attacker to gain SYSTEM privileges. Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue is a Time-of-Check to Time-of-Use (TOCTOU) race condition that, if exploited, could be used to delete arbitrary files on a Windows machine.

The flaw, which affects versions and earlier, is fixed in version 7.0.43, released on March 15, 2023. Mandiant made the responsible disclosure on February 27, 2023.

Time-of-Check to Time-of-Use is a software fault that occurs when a program checks the state of a resource for a particular value, but the value changes before the resource is actually used, rendering the results of the check invalid.
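The check-then-use gap described above, as an added example that is not from the original article or from N-Able's code: a reader that checks a file by name and then opens it by name, beside one that opens once and checks the descriptor it goes on to use. It uses POSIX calls and a file read rather than the agent's Windows delete path, which the article does not show; the file names and the `between` hook that stands in for a concurrent change are constructed for the demonstration.

```python
import os
import stat
import tempfile

def read_checked_by_path(path, between=lambda: None):
    """Check-then-use by name: the path is resolved twice."""
    if not stat.S_ISREG(os.lstat(path).st_mode):    # time of check
        raise PermissionError("not a regular file")
    between()                                       # state may change here
    with open(path, "rb") as f:                     # time of use: name resolved again
        return f.read()

def read_checked_by_handle(path, between=lambda: None):
    """Open once, then check and use the same descriptor."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # refuses a symlink at path
    with os.fdopen(fd, "rb") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):  # check the opened object
            raise PermissionError("not a regular file")
        between()                                   # rebinding the name no longer matters
        return f.read()

def demo():
    """Constructed scenario in a temp directory; returns what each reader saw."""
    with tempfile.TemporaryDirectory() as d:
        protected = os.path.join(d, "protected.txt")
        report = os.path.join(d, "report.txt")
        for name, data in ((protected, b"protected"), (report, b"report")):
            with open(name, "wb") as f:
                f.write(data)

        def rebind():  # stand-in for a concurrent change between check and use
            os.remove(report)
            os.symlink(protected, report)

        by_path = read_checked_by_path(report, rebind)
        os.remove(report)                           # restore the regular file
        with open(report, "wb") as f:
            f.write(b"report")
        by_handle = read_checked_by_handle(report, rebind)
        try:                                        # report is now a symlink
            read_checked_by_handle(report)
            rejected = False
        except OSError:
            rejected = True
        return by_path, by_handle, rejected
```

The path-based reader passes its check and then returns the other file's contents, while the handle-based reader returns the file it checked and refuses to open the name once it has become a link.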

