Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-2270
HistoryJun 15, 2023 - 5:15 a.m.

Path traversal

2023-06-1505:15:00
PRIOn knowledge base
www.prio-n.com
2
netskope
path traversal
nt\system privileges
configuration files
exploit
nvd

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\SYSTEM privileges on the end machine.

CPENameOperatorVersion
netskopelt100

Related

nvd 1
cve 1
cvelist 1
nvd
nvd
CVE-2023-2270
2023-06-15 05:15:09
cve
cve
CVE-2023-2270
2023-06-15 05:15:09
cvelist
cvelist
CVE-2023-2270 Local privilege escalation
2023-06-15 04:29:55

7.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON
Related for PRION:CVE-2023-2270
nvd1cve1cvelist1