ncp-e 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2019-25281 | NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup. | [email protected] | 8.5 | 0.16% | 2026-02-04 | 2026-06-16 |
| CVE-2025-26155 | NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. | [email protected] | 9.8 | 0.48% | 2025-11-26 | 2026-06-17 |
| CVE-2023-28872 | Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. | [email protected] | 8.8 | 0.77% | 2023-12-25 | 2026-06-17 |
| CVE-2023-28871 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. | [email protected] | 4.3 | 0.59% | 2023-12-09 | 2026-06-17 |
| CVE-2023-28870 | Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | [email protected] | 6.5 | 0.70% | 2023-12-09 | 2026-06-17 |
| CVE-2023-28869 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. | [email protected] | 6.5 | 0.77% | 2023-12-09 | 2026-06-17 |
| CVE-2023-28868 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. | [email protected] | 8.1 | 0.85% | 2023-12-09 | 2026-06-17 |
| CVE-2020-11474 | NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. | [email protected] | 7.8 | 0.53% | 2020-07-28 | 2026-06-16 |
| CVE-2017-17023 | The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x | [email protected] | 8.1 | 0.61% | 2019-04-09 | 2026-06-16 |
| CVE-2010-5203 | Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party info | [email protected] | 6.9 | 0.35% | 2012-09-06 | 2026-06-16 |