CVE-2023-4996

CVSS V2 None CVSS V3 None

Description

Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.

Overview

CVE ID
CVE-2023-4996

Assigner
Netskope

Vulnerability Status
PUBLISHED

Published Version
2023-11-06T10:16:06.626Z

Last Modified Date
2023-11-06T10:16:06.626Z

Weakness Enumerations

CWE	URL
CWE-281	http://cwe.mitre.org/data/definitions/281.html

References

Reference URL	Reference Tags
https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-4996
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4996

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 19:10:14				Added to TrackCVE