Vulnerabilities > CVE-2023-4996 - Improper Preservation of Permissions vulnerability in Netskope

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

netskope

CWE-281

NVD

Published: 2023-11-06

Updated: 2023-11-14

Summary

Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.

Vulnerable Configurations

Part	Description	Count
Application	Netskope Netskope Netskope 57 Netskope Netskope 57.2.0.219 Netskope Netskope 60 Netskope Netskope 60.2.0.214 Netskope Netskope 75.0 Netskope Netskope 77 Netskope Netskope 78 Netskope Netskope 91.0.0 Netskope Netskope 95 Netskope Netskope 99 Netskope Netskope 100	11
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003