Vulnerability Description
Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netskope | Netskope | < 101 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.netskope.com/company/security-compliance-and-assurance/security-adviVendor Advisory
- https://www.netskope.com/company/security-compliance-and-assurance/security-adviVendor Advisory
FAQ
What is CVE-2023-4996?
CVE-2023-4996 is a vulnerability with a CVSS score of 6.6 (MEDIUM). Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted packag...
How severe is CVE-2023-4996?
CVE-2023-4996 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4996?
Check the references section above for vendor advisories and patch information. Affected products include: Netskope Netskope, Microsoft Windows.