Netskope Client Service Insufficient Access Controls

Vulnerability

The vulnerability resides in the Netskope Client for Windows, where the service object and related registry keys have weak Discretionary Access Control Lists (DACLs). This allows a malicious insider with administrative privileges to bypass NSClient Tamper Protections. Affected versions are all below R138 [1].

Exploitation

An attacker requires administrative privileges on the Windows system. With those privileges, the attacker can modify the service object or registry keys due to the insufficient access controls, effectively disabling the tamper protection mechanism. The exploitation involves accessing the Service Control Manager or registry with an account that has administrative rights [1].

Impact

Successful exploitation allows the attacker to bypass the tamper protection of the Netskope Client, potentially enabling them to stop, modify, or interfere with the client's security functions. This could lead to a compromise in the visibility and enforcement of security policies managed by Netskope [1].

Mitigation

Netskope has released a fix in version R138 and above. No workarounds are available at this time. Users are advised to update to R138 or later. No active exploitation has been reported [1].