CVE-2023-4996 - OpenCVE

Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Netskope	Netskope
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Netskope

Published: 2023-11-06T10:16:06.626Z

Updated: 2023-11-06T10:16:06.626Z

Reserved: 2023-09-15T12:39:38.532Z

Link: CVE-2023-4996

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-11-06T11:15:09.593

Modified: 2023-11-14T17:04:04.747

Link: CVE-2023-4996

JSON object: View

Redhat Information

No data.

CWE

CWE-281

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-4996", "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "state": "PUBLISHED", "assignerShortName": "Netskope", "dateReserved": "2023-09-15T12:39:38.532Z", "datePublished": "2023-11-06T10:16:06.626Z", "dateUpdated": "2023-11-06T10:16:06.626Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Netskope Client", "vendor": "Netskope", "versions": [{"status": "affected", "version": "100 & prior"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Netskope credits Alexander Katziv from Novartis for reporting this flaw."}], "datePublic": "2023-11-06T10:08:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. </span><br>"}], "value": "Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.\u00a0\n"}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Netskope is not aware of any public exploitations of the issue till the advisory is published.</span><br>"}], "value": "Netskope is not aware of any public exploitations of the issue till the advisory is published.\n"}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "shortName": "Netskope", "dateUpdated": "2023-11-06T10:16:06.626Z"}, "references": [{"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Netskope patched the issue and released a new version. The issue was fixed in Release101. Customers are recommended to upgrade their client to the versions R101 or greater. Netskope download Instructions \u2013 </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts\">Download Netskope Client and Scripts \u2013 Netskope Support</a><br>"}], "value": "Netskope patched the issue and released a new version. The issue was fixed in Release101. Customers are recommended to upgrade their client to the versions R101 or greater. Netskope download Instructions \u2013 Download Netskope Client and Scripts \u2013 Netskope Support https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts \n"}], "source": {"advisory": "NSKPSA-2023-003", "discovery": "UNKNOWN"}, "title": "Local privilege escalation ", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*", "matchCriteriaId": "98612592-323E-49C8-A987-AB299839184E", "versionEndExcluding": "101", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.\u00a0\n"}, {"lang": "es", "value": "Netskope fue informado de una vulnerabilidad de seguridad en su producto NSClient para la versi\u00f3n 100 y anteriores donde un usuario malintencionado que no sea administrador puede desactivar el cliente Netskope mediante el uso de un paquete especialmente manipulado. La causa principal del problema fue que un c\u00f3digo de control de usuario cuando lo llamaba un ServiceController de Windows no validaba los permisos asociados con el usuario antes de ejecutar el c\u00f3digo de control de usuario. Este c\u00f3digo de control de usuario ten\u00eda permisos para finalizar el servicio NSClient."}], "id": "CVE-2023-4996", "lastModified": "2023-11-14T17:04:04.747", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.7, "source": "psirt@netskope.com", "type": "Secondary"}]}, "published": "2023-11-06T11:15:09.593", "references": [{"source": "psirt@netskope.com", "tags": ["Vendor Advisory"], "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003"}], "sourceIdentifier": "psirt@netskope.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-281"}], "source": "psirt@netskope.com", "type": "Secondary"}]}