CVE-2023-4996

Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

14 Nov 2023, 17:04

Type	Values Removed	Values Added
CWE		CWE-281
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
First Time		Netskope netskope Microsoft windows Microsoft Netskope
CPE		cpe:2.3:a:netskope:netskope:::::::: cpe:2.3:o:microsoft:windows:-:::::::*
References	~~(MISC) https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003 -~~	(MISC) https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003 - Vendor Advisory

06 Nov 2023, 11:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-06 11:15

Updated : 2023-12-10 15:14

NVD link : CVE-2023-4996

Mitre link : CVE-2023-4996

CVE.ORG link : CVE-2023-4996

JSON object : View

Products Affected

microsoft

windows

netskope

netskope

CWE

CWE-281

Improper Preservation of Permissions

{"id": "CVE-2023-4996", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "psirt@netskope.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 4.7, "exploitabilityScore": 1.8}]}, "published": "2023-11-06T11:15:09.593", "references": [{"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003", "tags": ["Vendor Advisory"], "source": "psirt@netskope.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-281"}]}, {"type": "Secondary", "source": "psirt@netskope.com", "description": [{"lang": "en", "value": "CWE-281"}]}], "descriptions": [{"lang": "en", "value": "Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.\u00a0\n"}, {"lang": "es", "value": "Netskope fue informado de una vulnerabilidad de seguridad en su producto NSClient para la versi\u00f3n 100 y anteriores donde un usuario malintencionado que no sea administrador puede desactivar el cliente Netskope mediante el uso de un paquete especialmente manipulado. La causa principal del problema fue que un c\u00f3digo de control de usuario cuando lo llamaba un ServiceController de Windows no validaba los permisos asociados con el usuario antes de ejecutar el c\u00f3digo de control de usuario. Este c\u00f3digo de control de usuario ten\u00eda permisos para finalizar el servicio NSClient."}], "lastModified": "2023-11-14T17:04:04.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98612592-323E-49C8-A987-AB299839184E", "versionEndExcluding": "101"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@netskope.com"}