{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2270", "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "state": "PUBLISHED", "assignerShortName": "Netskope", "dateReserved": "2023-04-25T05:16:46.270Z", "datePublished": "2023-06-15T04:29:55.133Z", "dateUpdated": "2024-08-28T20:30:16.499Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Netskope Client", "vendor": "Netskope", "versions": [{"status": "affected", "version": "100;0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Netskope credits Jean-Jamil Khalife from HDWSec for reporting this flaw"}], "datePublic": "2023-06-15T04:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine.</span><br>"}], "value": "The Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Netskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication.</span><br>"}], "value": "Netskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication."}], "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234 Hijacking a privileged process"}]}, {"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "shortName": "Netskope", "dateUpdated": "2024-08-22T12:33:44.038Z"}, "references": [{"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Upgrade netskope client to R100 and above.&nbsp;"}], "value": "Upgrade netskope client to R100 and above."}], "source": {"advisory": "NSKPSA-2023-001", "defect": ["NSKPSA-2023-001"], "discovery": "EXTERNAL"}, "title": "Local privilege escalation", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Enable Netskope client hardening&nbsp; listed here -&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.netskope.com/en/netskope-client-hardening.html\">https://docs.netskope.com/en/netskope-client-hardening.html</a>&nbsp;<br>"}], "value": "Enable Netskope client hardening\u00a0 listed here -\u00a0\u00a0 https://docs.netskope.com/en/netskope-client-hardening.html"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:19:14.091Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "netskope", "product": "netskope", "cpes": ["cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "r100", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-28T20:29:24.919618Z", "id": "CVE-2023-2270", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T20:30:16.499Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:19:14.091Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2270", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-28T20:29:24.919618Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*"], "vendor": "netskope", "product": "netskope", "versions": [{"status": "affected", "version": "0", "lessThan": "r100", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-28T20:30:12.790Z"}}], "cna": {"title": "Local privilege escalation", "source": {"defect": ["NSKPSA-2023-001"], "advisory": "NSKPSA-2023-001", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Netskope credits Jean-Jamil Khalife from HDWSec for reporting this flaw"}], "impacts": [{"capecId": "CAPEC-234", "descriptions": [{"lang": "en", "value": "CAPEC-234 Hijacking a privileged process"}]}, {"capecId": "CAPEC-139", "descriptions": [{"lang": "en", "value": "CAPEC-139 Relative Path Traversal"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Netskope", "product": "Netskope Client", "versions": [{"status": "affected", "version": "100;0"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Netskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Netskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication.</span><br>", "base64": false}]}], "solutions": [{"lang": "en", "value": "Upgrade netskope client to R100 and above.", "supportingMedia": [{"type": "text/html", "value": "Upgrade netskope client to R100 and above.&nbsp;", "base64": false}]}], "datePublic": "2023-06-15T04:00:00.000Z", "references": [{"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001"}], "workarounds": [{"lang": "en", "value": "Enable Netskope client hardening\u00a0 listed here -\u00a0\u00a0 https://docs.netskope.com/en/netskope-client-hardening.html", "supportingMedia": [{"type": "text/html", "value": "Enable Netskope client hardening&nbsp; listed here -&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.netskope.com/en/netskope-client-hardening.html\">https://docs.netskope.com/en/netskope-client-hardening.html</a>&nbsp;<br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "The Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "shortName": "Netskope", "dateUpdated": "2024-08-22T12:33:44.038Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2270", "state": "PUBLISHED", "dateUpdated": "2024-08-28T20:30:16.499Z", "dateReserved": "2023-04-25T05:16:46.270Z", "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc", "datePublished": "2023-06-15T04:29:55.133Z", "assignerShortName": "Netskope"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BC73823-6707-4519-8F29-67193DD1F8D4", "versionEndExcluding": "100", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine."}], "id": "CVE-2023-2270", "lastModified": "2024-08-22T13:15:04.820", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "psirt@netskope.com", "type": "Secondary"}]}, "published": "2023-06-15T05:15:09.773", "references": [{"source": "psirt@netskope.com", "tags": ["Vendor Advisory"], "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001"}], "sourceIdentifier": "psirt@netskope.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "psirt@netskope.com", "type": "Secondary"}]}

{}