彙總 ncp-e 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 路徑處理缺陷,在 軟體部署與生產負載 使用場景中可能帶來 檔案覆寫 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2019-25281 | NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup. | [email protected] | 8.5 | 0.16% | 2026-02-04 | 2026-06-16 |
| CVE-2025-26155 | NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability. | [email protected] | 9.8 | 0.48% | 2025-11-26 | 2026-06-17 |
| CVE-2023-28872 | Support Assistant in NCP Secure Enterprise Client before 13.10 allows attackers to execute DLL files with SYSTEM privileges by creating a symbolic link from a %LOCALAPPDATA%\Temp\NcpSupport* location. | [email protected] | 8.8 | 0.77% | 2023-12-25 | 2026-06-17 |
| CVE-2023-28871 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. | [email protected] | 4.3 | 0.59% | 2023-12-09 | 2026-06-17 |
| CVE-2023-28870 | Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | [email protected] | 6.5 | 0.70% | 2023-12-09 | 2026-06-17 |
| CVE-2023-28869 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. | [email protected] | 6.5 | 0.77% | 2023-12-09 | 2026-06-17 |
| CVE-2023-28868 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. | [email protected] | 8.1 | 0.85% | 2023-12-09 | 2026-06-17 |
| CVE-2020-11474 | NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant. | [email protected] | 7.8 | 0.53% | 2020-07-28 | 2026-06-16 |
| CVE-2017-17023 | The Sophos UTM VPN endpoint interacts with client software provided by NPC Engineering (www.ncp-e.com). The affected client software, "Sophos IPSec Client" 11.04 is a rebranded version of NCP "Secure Entry Client" 10.11 r32792. A vulnerability in the software update feature of the VPN client allows a man-in-the-middle (MITM) or man-on-the-side (MOTS) attacker to execute arbitrary, malicious software on a target user's computer. This is related to SIC_V11.04-64.exe (Sophos), NCP_EntryCl_Windows_x | [email protected] | 8.1 | 0.61% | 2019-04-09 | 2026-06-16 |
| CVE-2010-5203 | Multiple untrusted search path vulnerabilities in NCP Secure Enterprise Client before 9.21 Build 68, Secure Entry Client before 9.23 Build 18, and Secure Client - Juniper Edition before 9.23 Build 18 allow local users to gain privileges via a Trojan horse (1) dvccsabase002.dll, (2) conman.dll, (3) kmpapi32.dll, or (4) ncpmon2.dll file in the current working directory, as demonstrated by a directory that contains a .pcf or .spd file. NOTE: some of these details are obtained from third party info | [email protected] | 6.9 | 0.35% | 2012-09-06 | 2026-06-16 |