From thehackernews.com
A high-severity security flaw has been disclosed in N-Able’s Take Control Agent that could be exploited by a local unprivileged attacker to gain SYSTEM privileges.
Tracked as CVE-2023-27470 (CVSS score: 8.8), the issue relates to a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability, which, when successfully exploited, could be leveraged to delete arbitrary files on a Windows system.
The security shortcoming, which impacts versions 7.0.41.1141 and prior, has been addressed in version 7.0.43 released on March 15, 2023, following responsible disclosure by Mandiant on February 27, 2023.