PT-2023-3613 · Netskope · Netskope Client Service

Dawson Medin · Published 2023-05-10 · Updated 2023-06-30 · CVE-2022-4149

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Netskope client service versions prior to R96

Description

The issue is a synchronization error in the use of a shared resource, which a malicious local user can exploit to elevate privileges. The Netskope client service runs as NT AUTHORITY\SYSTEM and writes log files to a directory that a standard user can write to. A race condition arises when the service restarts, allowing a malicious user to create a file and set its ACL permissions. This can make all files within the directory modifiable by an unprivileged user, and by using Windows pseudo-symlinks these files can be pointed to other locations on the system, enabling the malicious user to elevate privileges.

Recommendations

For versions prior to R96, consider disabling the logplaceholder file until a patch is available to prevent exploitation of the race condition. Restrict access to the C:\Users\Public\netSkope directory to minimize the risk of exploitation. Avoid using Windows pseudo-symlinks on the affected files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
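
To check whether the directory restriction recommended above is in effect on a host, the following PowerShell audit lists ACL entries that let principals other than SYSTEM and Administrators write to or re-permission the log directory and its files, and lists any reparse points in it. It is an added example, not code from Netskope or from this advisory; the path is the directory named in the Recommendations and the choice of trusted SIDs is an assumption to adjust per environment.

```powershell
# Added example (not vendor code). Path taken from the advisory's Recommendations;
# change it if the client logs elsewhere on your build.
$LogDir = 'C:\Users\Public\netSkope'

# Assumption: only SYSTEM and BUILTIN\Administrators should hold write access here.
$trusted = 'S-1-5-18', 'S-1-5-32-544'

# Rights that allow creating, replacing, deleting or re-ACLing files,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$rights = [System.Security.AccessControl.FileSystemRights]'CreateFiles, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask   = [int]$rights -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriteAce {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, returned with SIDs instead of account names.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $trusted -notcontains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $mask) -ne 0
        } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $Path
                Sid       = $_.IdentityReference.Value
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
}

if (Test-Path -LiteralPath $LogDir -PathType Container) {
    # The directory itself plus its top-level entries (no recursion, so links are not followed).
    $items = @(Get-Item -LiteralPath $LogDir -Force) +
             @(Get-ChildItem -LiteralPath $LogDir -Force -ErrorAction SilentlyContinue)

    # ACL entries that give a non-admin principal write or permission-change access.
    $items | ForEach-Object { Get-UntrustedWriteAce -Path $_.FullName } | Format-Table -AutoSize

    # Junctions or symlinks that would redirect a write made by the SYSTEM service.
    $items | Where-Object { $_.Attributes -band [System.IO.FileAttributes]::ReparsePoint } |
        Select-Object FullName, Attributes | Format-Table -AutoSize
} else {
    Write-Output "Directory not found: $LogDir"
}
```

Empty output from both tables means no untrusted write access and no redirection was found at the time of the check; any row is worth reviewing against the service's expected log files.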

Weakness Enumeration

Time Of Check To Time Of Use

Related Identifiers

BDU:2023-03897
CVE-2022-4149

Affected Products

Netskope Client Service