Netskope · Netskope Client · CVE-2023-4996
**Name of the Vulnerable Software and Affected Versions**
Netskope NSClient versions 100 and prior
**Description**
A security issue was discovered in the NSClient product where a malicious non-admin user can disable the Netskope client using a specially-crafted package. The root cause is a user control code that does not validate user permissions before execution when called by a Windows ServiceController, allowing it to terminate the NSClient service.
**Recommendations**
For versions 100 and prior, update to a version later than 100 to resolve the issue.
As a temporary workaround, consider restricting access to the user control code to prevent unauthorized execution until a patch is available.