The Netskope client service, running with NT\SYSTEM privilege, accepts network connections from localhost.
The connection handling function in this service suffers from a command injection vulnerability.
Local users can use this vulnerability to execute code with NT\SYSTEM privilege.
CWE-78 Command injection
Netskope
- Netskope client v57 before 57.2.0.219
- Netskope client v60 before 60.2.0.214
Netskope Client on Windows
Local
Yes
An authenticated user can interact with the Netskope Client service through a local network socket and trigger an command injection.
- https://www.netskope.com/
- https://www.netskope.com/vulnerability-disclosure-policy
- https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
- https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
Julien Lenoir, Benoit Camredon, Mouad Abouhali from Airbus Security Lab.
The Netskope client service, running with NT\SYSTEM privilege, accepts network connections from localhost.
The connection handling function in this service suffers from a stack based buffer overflow in doHandshakefromServer function.
Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.
Stack based buffer overflow
Netskope
- Netskope client v57 before 57.2.0.219
- Netskope client v60 before 60.2.0.214
Netskope Client on Windows
Local
Memory corruption and denial of service
An authenticated user can interract with the Netskope Client service through a local network socket and trigger an command injection.
- https://www.netskope.com/
- https://www.netskope.com/vulnerability-disclosure-policy
- https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf
- https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client
Julien Lenoir, Benoit Camredon, Mouad Abouhali from Airbus Security Lab.