THREATINT
PUBLISHED

CVE-2023-4996

Local privilege escalation



Assigner: Netskope
Reserved: 2023-09-15
Published: 2023-11-06
Updated: 2024-09-05

Description

Netskope was made aware of a security vulnerability in its NSClient product, version 100 & prior, in which a malicious non-admin user can disable the Netskope client by using a specially crafted package. The root cause was that a user control code, when called by a Windows ServiceController, did not validate the permissions associated with the user before executing. This user control code had permissions to terminate the NSClient service.



MEDIUM: 6.6 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

Problem types

CWE-281 Improper Preservation of Permissions

Product status

Default status

100 & prior: affected

Credits

Netskope credits Alexander Katziv from Novartis for reporting this flaw.

References

https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003

cve.org CVE-2023-4996

nvd.nist.gov CVE-2023-4996
