THREATINT
PUBLISHED

CVE-2023-4996

Local privilege escalation



Description

Netskope was made aware of a security vulnerability in its NSClient product, versions 100 and prior, where a malicious non-admin user can disable the Netskope client by using a specially crafted package. The root cause was that a user control code, when called by a Windows ServiceController, did not validate the permissions associated with the user before the user control code was executed. This user control code had permissions to terminate the NSClient service.

Reserved 2023-09-15 | Published 2023-11-06 | Updated 2024-09-05 | Assigner Netskope


MEDIUM: 6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Problem types

CWE-281 Improper Preservation of Permissions

Product status

Default status: unaffected

100 & prior: affected

Credits

Netskope credits Alexander Katziv from Novartis for reporting this flaw. (finder)

References

www.netskope.com/...tskope-security-advisory-nskpsa-2023-003

cve.org (CVE-2023-4996)

nvd.nist.gov (CVE-2023-4996)
