We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.
Reserved 2023-09-15 | Published 2023-11-06 | Updated 2024-09-05 | Assigner NetskopeCWE-281 Improper Preservation of Permissions
Netskope credits Alexander Katziv from Novartis for reporting this flaw.
www.netskope.com/...tskope-security-advisory-nskpsa-2023-003
Support options