CVE-2023-2270

Name of the Vulnerable Software and Affected Versions Netskope client versions prior to R100

Description The Netskope client service, running with NTSYSTEM privileges, accepts network connections from localhost to start various services and execute commands. A connection handling function in the service uses a relative path to download and unzip configuration files, allowing local users to write arbitrary files in a location accessible only to higher privileged users. This can be exploited by local users to execute code with NTSYSTEM privileges on the end machine.

Recommendations For versions prior to R100, update to R100 or later to resolve the issue. As a temporary workaround, consider restricting access to the connection handling function to minimize the risk of exploitation. Avoid using the relative path for downloading and unzipping configuration files until the issue is resolved.