VYPR

Nsclient

by Netskope

CVEs (7)

  • CVE-2021-44862HigNov 3, 2022
    risk 0.55cvss 8.4epss 0.00

    Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs.…

  • CVE-2023-4996MedNov 6, 2023
    risk 0.43cvss 6.6epss 0.00

    Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a…

  • CVE-2025-11156MedNov 28, 2025
    risk 0.38cvss epss 0.00

    Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly load the driver as a generic kernel service. This triggers the flaw,…

  • CVE-2025-5942MedAug 14, 2025
    risk 0.37cvss epss 0.00

    Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can…

  • CVE-2025-5941LowAug 14, 2025
    risk 0.13cvss epss 0.00

    Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact…

  • CVE-2025-34078Jul 2, 2025
    risk 0.04cvss epss 0.01

    A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this…

  • CVE-2024-7401Aug 26, 2024
    risk 0.00cvss epss 0.01

    Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll…