CVE-2023-4996

Name of the Vulnerable Software and Affected Versions Netskope NSClient versions 100 and prior

Description A security issue was discovered in the NSClient product where a malicious non-admin user can disable the Netskope client using a specially-crafted package. The root cause is a user control code that does not validate user permissions before execution when called by a Windows ServiceController, allowing it to terminate the NSClient service.

Recommendations For versions 100 and prior, update to a version later than 100 to resolve the issue. As a temporary workaround, consider restricting access to the user control code to prevent unauthorized execution until a patch is available.