Description
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup.
INFO
Published Date :
2026-02-04T23:15:52.910Z
Last Modified :
2026-03-05T01:25:57.630Z
Source :
VulnCheck
AFFECTED PRODUCTS
The following products are affected by CVE-2019-25281 vulnerability.
| Vendors | Products |
|---|---|
| Ncp-e |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2019-25281.
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact