Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 08:36
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-06 11:15
Updated : 2024-11-21 08:36
NVD link : CVE-2023-4996
Mitre link : CVE-2023-4996
CVE.ORG link : CVE-2023-4996
JSON object : View
Products Affected
netskope
- netskope
microsoft
- windows
CWE
CWE-281
Improper Preservation of Permissions