{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-2270","assignerOrgId":"bf992f6a-e49d-4e94-9479-c4cff32c62bc","state":"PUBLISHED","assignerShortName":"Netskope","dateReserved":"2023-04-25T05:16:46.270Z","datePublished":"2023-06-15T04:29:55.133Z","dateUpdated":"2024-08-28T20:30:16.499Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Netskope Client","vendor":"Netskope","versions":[{"status":"affected","version":"100;0"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Netskope credits Jean-Jamil Khalife from HDWSec for reporting this flaw"}],"datePublic":"2023-06-15T04:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">The Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine.</span><br>"}],"value":"The Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<span style=\"background-color: rgb(255, 255, 255);\">Netskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication.</span><br>"}],"value":"Netskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication."}],"impacts":[{"capecId":"CAPEC-234","descriptions":[{"lang":"en","value":"CAPEC-234 Hijacking a privileged process"}]},{"capecId":"CAPEC-139","descriptions":[{"lang":"en","value":"CAPEC-139 Relative Path Traversal"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"bf992f6a-e49d-4e94-9479-c4cff32c62bc","shortName":"Netskope","dateUpdated":"2024-08-22T12:33:44.038Z"},"references":[{"url":"https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Upgrade netskope client to R100 and above.&nbsp;"}],"value":"Upgrade netskope client to R100 and above."}],"source":{"advisory":"NSKPSA-2023-001","defect":["NSKPSA-2023-001"],"discovery":"EXTERNAL"},"title":"Local privilege escalation","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Enable Netskope client hardening&nbsp; listed here -&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.netskope.com/en/netskope-client-hardening.html\">https://docs.netskope.com/en/netskope-client-hardening.html</a>&nbsp;<br>"}],"value":"Enable Netskope client hardening  listed here -   https://docs.netskope.com/en/netskope-client-hardening.html"}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T06:19:14.091Z"},"title":"CVE Program Container","references":[{"url":"https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001","tags":["x_transferred"]}]},{"affected":[{"vendor":"netskope","product":"netskope","cpes":["cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"r100","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-28T20:29:24.919618Z","id":"CVE-2023-2270","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-28T20:30:16.499Z"}}]}}