NETSKOPE CLIENT SERVICE LOCAL PRIVILEGE ESCALATION
The article discusses a local privilege escalation vulnerability found in the Netskope Client Service on Windows. The vulnerability, identified as CVE-2023-2270, affects versions up to 99 and was discovered by Jean-Jamil Khalife. The issue was reported to Netskope on July 22, 2022, and a fix was integrated on April 27, 2023. The vulnerability was found during a security audit for a client who wanted to know if it was possible to compromise company laptops. The researcher discovered several vulnerabilities in the Netskope Client Service that, when chained together, led to a user-to-system elevation of privilege. The exploit involves modifying the nsbranding.json file, forcing the agent to reload the JSON file, making the agent download and extract a specially crafted ZIP file to drop a DLL, and making the agent launch netsh.exe, resulting in loading the DLL that spawns a shell. The researcher provided details on building the exploit and concluded that security software should not be blindly trusted, as it may also come with its own vulnerabilities. The vulnerability has been disclosed to Netskope and is referenced in their security advisories. CVEs: CVE-2023-2270 [View Article](http://www.ctfiot.com/123374.html)