{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T20:44:42.018","vulnerabilities":[{"cve":{"id":"CVE-2023-4996","sourceIdentifier":"psirt@netskope.com","published":"2023-11-06T11:15:09.593","lastModified":"2024-11-21T08:36:25.640","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. \n"},{"lang":"es","value":"Netskope fue informado de una vulnerabilidad de seguridad en su producto NSClient para la versión 100 y anteriores donde un usuario malintencionado que no sea administrador puede desactivar el cliente Netskope mediante el uso de un paquete especialmente manipulado. La causa principal del problema fue que un código de control de usuario cuando lo llamaba un ServiceController de Windows no validaba los permisos asociados con el usuario antes de ejecutar el código de control de usuario. Este código de control de usuario tenía permisos para finalizar el servicio NSClient."}],"metrics":{"cvssMetricV31":[{"source":"psirt@netskope.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","baseScore":6.6,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"psirt@netskope.com","type":"Secondary","description":[{"lang":"en","value":"CWE-281"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-281"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*","versionEndExcluding":"101","matchCriteriaId":"98612592-323E-49C8-A987-AB299839184E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003","source":"psirt@netskope.com","tags":["Vendor Advisory"]},{"url":"https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}