CVE-2017-17023

NONE EPSS 44.9%
Published Apr 9, 20197y ago · Modified Jun 17, 20262w ago
Find Similar
Published Apr 9, 2019 7y ago
Last Modified Jun 17, 2026 2w ago

Description

The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x86_1004_31799.exe (NCP), and ncpmon.exe (both Sophos and NCP). The vulnerability exists because: (1) the VPN client requests update metadata over an insecure HTTP connection; and (2) the client software does not check if the software update is signed before running it.

Threat Intelligence

EPSS Exploit Probability
44.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-345

Affected Products 2

VendorProductVersionRange
ncp-encp_secure_entry_client10.11any
sophosipsec_client11.04any

References 2

  • ncp-e.com https://www.ncp-e.com/en/resources/download-vpn-client/#c8680
    Vendor Advisory
  • ncp-e.com https://www.ncp-e.com/fileadmin/pdf/service_support/release_notes/NCP_Secure_Clients/NCP_Secure_Entry_Client/NCP_RN_Win_Secure_Entry_Client_11_14_r42039_en.pdf
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.