Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Netskope
Published: 2023-11-06T10:16:06.626Z
Updated: 2024-09-05T15:19:00.692Z
Reserved: 2023-09-15T12:39:38.532Z
Link: CVE-2023-4996
Vulnrichment
Updated: 2024-08-02T07:44:53.768Z
NVD
Status : Modified
Published: 2023-11-06T11:15:09.593
Modified: 2024-11-21T08:36:25.640
Link: CVE-2023-4996
Redhat
No data.