CVE-2023-4996 (GCVE-0-2023-4996)
Vulnerability from cvelistv5
Published
2023-11-06 10:16
Modified
2024-09-05 15:19
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CWE
  • CWE-281 - Improper Preservation of Permissions
Summary
Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. 
References
psirt@netskope.comhttps://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003Vendor Advisory
Impacted products
Vendor Product Version
Netskope Netskope Client Version: 100 & prior
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.768Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T15:18:52.458920Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T15:19:00.692Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Netskope Client",
          "vendor": "Netskope",
          "versions": [
            {
              "status": "affected",
              "version": "100 \u0026 prior"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Netskope credits Alexander Katziv from Novartis for reporting this flaw."
        }
      ],
      "datePublic": "2023-11-06T10:08:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetskope was made aware of a security vulnerability in its NSClient product for version 100 \u0026amp; prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Netskope was made aware of a security vulnerability in its NSClient product for version 100 \u0026 prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.\u00a0\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetskope is not aware of any public exploitations of the issue till the advisory is published.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Netskope is not aware of any public exploitations of the issue till the advisory is published.\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-554",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-554 Functionality Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-281",
              "description": "CWE-281 Improper Preservation of Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-06T10:16:06.626Z",
        "orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
        "shortName": "Netskope"
      },
      "references": [
        {
          "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetskope patched the issue and released a new version. The issue was fixed in Release101. Customers are recommended to upgrade their client to the versions R101 or greater. Netskope download Instructions \u2013 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts\"\u003eDownload Netskope Client and Scripts \u2013 Netskope Support\u003c/a\u003e\u003cbr\u003e"
            }
          ],
          "value": "Netskope patched the issue and released a new version. The issue was fixed in Release101. Customers are recommended to upgrade their client to the versions R101 or greater. Netskope download Instructions \u2013  Download Netskope Client and Scripts \u2013 Netskope Support https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts \n"
        }
      ],
      "source": {
        "advisory": "NSKPSA-2023-003",
        "discovery": "UNKNOWN"
      },
      "title": "Local privilege escalation ",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
    "assignerShortName": "Netskope",
    "cveId": "CVE-2023-4996",
    "datePublished": "2023-11-06T10:16:06.626Z",
    "dateReserved": "2023-09-15T12:39:38.532Z",
    "dateUpdated": "2024-09-05T15:19:00.692Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4996\",\"sourceIdentifier\":\"psirt@netskope.com\",\"published\":\"2023-11-06T11:15:09.593\",\"lastModified\":\"2024-11-21T08:36:25.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Netskope was made aware of a security vulnerability in its NSClient product for version 100 \u0026 prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.\u00a0\\n\"},{\"lang\":\"es\",\"value\":\"Netskope fue informado de una vulnerabilidad de seguridad en su producto NSClient para la versi\u00f3n 100 y anteriores donde un usuario malintencionado que no sea administrador puede desactivar el cliente Netskope mediante el uso de un paquete especialmente manipulado. La causa principal del problema fue que un c\u00f3digo de control de usuario cuando lo llamaba un ServiceController de Windows no validaba los permisos asociados con el usuario antes de ejecutar el c\u00f3digo de control de usuario. Este c\u00f3digo de control de usuario ten\u00eda permisos para finalizar el servicio NSClient.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@netskope.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":4.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"psirt@netskope.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-281\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-281\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"101\",\"matchCriteriaId\":\"98612592-323E-49C8-A987-AB299839184E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003\",\"source\":\"psirt@netskope.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:44:53.768Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4996\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-05T15:18:52.458920Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-05T15:18:57.013Z\"}}], \"cna\": {\"title\": \"Local privilege escalation \", \"source\": {\"advisory\": \"NSKPSA-2023-003\", \"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Netskope credits Alexander Katziv from Novartis for reporting this flaw.\"}], \"impacts\": [{\"capecId\": \"CAPEC-554\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-554 Functionality Bypass\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Netskope\", \"product\": \"Netskope Client\", \"versions\": [{\"status\": \"affected\", \"version\": \"100 \u0026 prior\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Netskope is not aware of any public exploitations of the issue till the advisory is published.\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eNetskope is not aware of any public exploitations of the issue till the advisory is published.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Netskope patched the issue and released a new version. The issue was fixed in Release101. Customers are recommended to upgrade their client to the versions R101 or greater. Netskope download Instructions \\u2013  Download Netskope Client and Scripts \\u2013 Netskope Support https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts \\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eNetskope patched the issue and released a new version. The issue was fixed in Release101. Customers are recommended to upgrade their client to the versions R101 or greater. Netskope download Instructions \\u2013 \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts\\\"\u003eDownload Netskope Client and Scripts \\u2013 Netskope Support\u003c/a\u003e\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2023-11-06T10:08:00.000Z\", \"references\": [{\"url\": \"https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Netskope was made aware of a security vulnerability in its NSClient product for version 100 \u0026 prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.\\u00a0\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eNetskope was made aware of a security vulnerability in its NSClient product for version 100 \u0026amp; prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-281\", \"description\": \"CWE-281 Improper Preservation of Permissions\"}]}], \"providerMetadata\": {\"orgId\": \"bf992f6a-e49d-4e94-9479-c4cff32c62bc\", \"shortName\": \"Netskope\", \"dateUpdated\": \"2023-11-06T10:16:06.626Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4996\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-05T15:19:00.692Z\", \"dateReserved\": \"2023-09-15T12:39:38.532Z\", \"assignerOrgId\": \"bf992f6a-e49d-4e94-9479-c4cff32c62bc\", \"datePublished\": \"2023-11-06T10:16:06.626Z\", \"assignerShortName\": \"Netskope\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.