CVE-2022-4149

The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\Users\Public\netSkope\ becomes modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:34

Type Values Removed Values Added
References () https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002 - Vendor Advisory () https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002 - Vendor Advisory

30 Jun 2023, 00:08

Type Values Removed Values Added
CWE CWE-367
References (MISC) https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002 - (MISC) https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002 - Vendor Advisory
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.0

15 Jun 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-15 07:15

Updated : 2024-11-21 07:34


NVD link : CVE-2022-4149

Mitre link : CVE-2022-4149

CVE.ORG link : CVE-2022-4149


JSON object : View

Products Affected

netskope

  • netskope

microsoft

  • windows
CWE
CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition