汇总 ncp-e 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 路径处理缺陷,在 软件部署与生产负载 使用场景中可能带来 文件覆盖 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-26155 | NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. | [email protected] | 9.8 | 0.48% | 2025-11-26 | 2025-12-30 |
| CVE-2023-28872 | Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. | [email protected] | 8.8 | 0.77% | 2023-12-25 | 2024-11-21 |
| CVE-2023-28871 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. | [email protected] | 4.3 | 0.59% | 2023-12-09 | 2024-11-21 |
| CVE-2023-28870 | Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | [email protected] | 6.5 | 0.70% | 2023-12-09 | 2024-11-21 |
| CVE-2023-28869 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. | [email protected] | 6.5 | 0.77% | 2023-12-09 | 2024-11-21 |
| CVE-2023-28868 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. | [email protected] | 8.1 | 0.85% | 2023-12-09 | 2024-11-21 |
| CVE-2020-11474 | NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. | [email protected] | 7.8 | 0.53% | 2020-07-28 | 2024-11-21 |
| CVE-2017-17023 | The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x | [email protected] | 8.1 | 0.61% | 2019-04-09 | 2024-11-21 |
| CVE-2010-5203 | Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party info | [email protected] | 6.9 | 0.35% | 2012-09-06 | 2026-04-29 |