Vulnerabilites related to Netskope - Netskope Client
CVE-2023-2270 (GCVE-0-2023-2270)
Vulnerability from cvelistv5
Published
2023-06-15 04:29
Modified
2024-08-28 20:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\SYSTEM privileges on the end machine.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope Client |
Version: 100;0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:14.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "netskope",
"vendor": "netskope",
"versions": [
{
"lessThan": "r100",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-28T20:29:24.919618Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T20:30:16.499Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"status": "affected",
"version": "100;0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Netskope credits Jean-Jamil Khalife from HDWSec for reporting this flaw"
}
],
"datePublic": "2023-06-15T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The Netskope client service running with NT\\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code with NT\\SYSTEM privileges on the end machine."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Netskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
},
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T12:33:44.038Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade netskope client to R100 and above.\u0026nbsp;"
}
],
"value": "Upgrade netskope client to R100 and above."
}
],
"source": {
"advisory": "NSKPSA-2023-001",
"defect": [
"NSKPSA-2023-001"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Enable Netskope client hardening\u0026nbsp; listed here -\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.netskope.com/en/netskope-client-hardening.html\"\u003ehttps://docs.netskope.com/en/netskope-client-hardening.html\u003c/a\u003e\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Enable Netskope client hardening\u00a0 listed here -\u00a0\u00a0 https://docs.netskope.com/en/netskope-client-hardening.html"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2023-2270",
"datePublished": "2023-06-15T04:29:55.133Z",
"dateReserved": "2023-04-25T05:16:46.270Z",
"dateUpdated": "2024-08-28T20:30:16.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5941 (GCVE-0-2025-5941)
Vulnerability from cvelistv5
Published
2025-08-14 04:34
Modified
2025-08-15 12:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-Bounds Read
Summary
Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact configuration. A successful exploit can potentially result in user-controllable memory being leaked in a domain name stored on the local machine.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope Client |
Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:27:50.614969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:58:34.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"lessThanOrEqual": "128.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thomas Brice"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact configuration. A successful exploit can potentially result in user-controllable memory being leaked in a domain name stored on the local machine.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Netskope is notified about a potential gap in its agent (NS Client) in which a malicious actor could trigger a memory leak by sending a crafted DNS packet to a machine. A successful exploitation may require administrative privileges on the machine, based on the exact configuration. A successful exploit can potentially result in user-controllable memory being leaked in a domain name stored on the local machine."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T04:34:43.106Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-001"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade the Netskope Client to version 129.0.0 or newer"
}
],
"value": "Upgrade the Netskope Client to version 129.0.0 or newer"
}
],
"source": {
"advisory": "NSKPSA-2025-001",
"discovery": "UNKNOWN"
},
"title": "Out-of-Bounds Read Vulnerability in Netskope Client",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2025-5941",
"datePublished": "2025-08-14T04:34:43.106Z",
"dateReserved": "2025-06-09T16:38:39.177Z",
"dateUpdated": "2025-08-15T12:58:34.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4996 (GCVE-0-2023-4996)
Vulnerability from cvelistv5
Published
2023-11-06 10:16
Modified
2024-09-05 15:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-281 - Improper Preservation of Permissions
Summary
Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope Client |
Version: 100 & prior |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.768Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T15:18:52.458920Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T15:19:00.692Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"status": "affected",
"version": "100 \u0026 prior"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Netskope credits Alexander Katziv from Novartis for reporting this flaw."
}
],
"datePublic": "2023-11-06T10:08:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetskope was made aware of a security vulnerability in its NSClient product for version 100 \u0026amp; prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Netskope was made aware of a security vulnerability in its NSClient product for version 100 \u0026 prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.\u00a0\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetskope is not aware of any public exploitations of the issue till the advisory is published.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Netskope is not aware of any public exploitations of the issue till the advisory is published.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-06T10:16:06.626Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetskope patched the issue and released a new version. The issue was fixed in Release101. Customers are recommended to upgrade their client to the versions R101 or greater. Netskope download Instructions \u2013 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts\"\u003eDownload Netskope Client and Scripts \u2013 Netskope Support\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Netskope patched the issue and released a new version. The issue was fixed in Release101. Customers are recommended to upgrade their client to the versions R101 or greater. Netskope download Instructions \u2013 Download Netskope Client and Scripts \u2013 Netskope Support https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts \n"
}
],
"source": {
"advisory": "NSKPSA-2023-003",
"discovery": "UNKNOWN"
},
"title": "Local privilege escalation ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2023-4996",
"datePublished": "2023-11-06T10:16:06.626Z",
"dateReserved": "2023-09-15T12:39:38.532Z",
"dateUpdated": "2024-09-05T15:19:00.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10882 (GCVE-0-2019-10882)
Vulnerability from cvelistv5
Published
2019-09-26 15:16
Modified
2024-09-16 23:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Overflow
Summary
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf | x_refsource_CONFIRM | |
| https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client | x_refsource_CONFIRM | |
| https://airbus-seclab.github.io/advisories/netskope.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope client |
Version: 54 < Netskope client* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:32:02.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://airbus-seclab.github.io/advisories/netskope.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "Netskope client",
"vendor": "Netskope",
"versions": [
{
"status": "unaffected",
"version": "Netskope client 57.2.0.219"
},
{
"status": "unaffected",
"version": "Netskope client 60.2.0.214"
},
{
"changes": [
{
"at": "62",
"status": "unaffected"
}
],
"lessThan": "Netskope client*",
"status": "affected",
"version": "54",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab."
}
],
"datePublic": "2019-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in \"doHandshakefromServer\" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T15:16:09",
"orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"shortName": "airbus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://airbus-seclab.github.io/advisories/netskope.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Netskope client buffer overflow vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@airbus.com",
"DATE_PUBLIC": "2019-05-17T00:00:00.000Z",
"ID": "CVE-2019-10882",
"STATE": "PUBLIC",
"TITLE": "Netskope client buffer overflow vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netskope client",
"version": {
"version_data": [
{
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "Netskope client",
"version_value": "54"
},
{
"platform": "x86",
"version_affected": "\u003c",
"version_name": "Netskope client",
"version_value": "62"
},
{
"platform": "x86",
"version_affected": "!",
"version_name": "Netskope client",
"version_value": "57.2.0.219"
},
{
"platform": "x86",
"version_affected": "!",
"version_name": "Netskope client",
"version_value": "60.2.0.214"
}
]
}
}
]
},
"vendor_name": "Netskope"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in \"doHandshakefromServer\" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
},
{
"name": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client",
"refsource": "CONFIRM",
"url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
},
{
"name": "https://airbus-seclab.github.io/advisories/netskope.html",
"refsource": "MISC",
"url": "https://airbus-seclab.github.io/advisories/netskope.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"assignerShortName": "airbus",
"cveId": "CVE-2019-10882",
"datePublished": "2019-09-26T15:16:09.626407Z",
"dateReserved": "2019-04-05T00:00:00",
"dateUpdated": "2024-09-16T23:00:47.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5942 (GCVE-0-2025-5942)
Vulnerability from cvelistv5
Published
2025-08-14 04:36
Modified
2025-08-18 16:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope Client |
Version: 0 < 126.0.9, 129.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:26:26.609310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T16:45:47.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"lessThan": "126.0.9, 129.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Must be using Netskope Endpoint DLP"
}
],
"value": "Must be using Netskope Endpoint DLP"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thomas Brice"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine."
}
],
"value": "Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, an unprivileged user can trigger a heap overflow in the epdlpdrv.sys driver, leading to a Blue-Screen-of-Death (BSOD). Successful exploitation can also potentially be performed by an unprivileged user whose NS Client is configured to use Endpoint DLP. A successful exploit can result in a denial-of-service for the local machine."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T04:36:05.383Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-003"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the Netskope Client to version 129.0.0 or newer, or to the hotfix version of 126.0.9.\u0026nbsp;"
}
],
"value": "Update the Netskope Client to version 129.0.0 or newer, or to the hotfix version of 126.0.9."
}
],
"source": {
"advisory": "NSKPSA-2025-003",
"discovery": "EXTERNAL"
},
"title": "Heap Overflow in Netskope Endpoint DLP Driver",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Some AV and EDR solutions may be able to detect the behaviors associated with exploiting this vulnerability."
}
],
"value": "Some AV and EDR solutions may be able to detect the behaviors associated with exploiting this vulnerability."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2025-5942",
"datePublished": "2025-08-14T04:36:05.383Z",
"dateReserved": "2025-06-09T16:38:43.986Z",
"dateUpdated": "2025-08-18T16:45:47.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13177 (GCVE-0-2024-13177)
Vulnerability from cvelistv5
Published
2025-04-15 15:21
Modified
2025-04-15 16:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
Summary
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system.
This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope Client |
Version: 0 < 123.0 Version: 0 < 117.1.11.2310 Version: 0 < 120.1.10.2306 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T16:08:03.378825Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T16:14:08.279Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"lessThan": "123.0",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "117.1.11.2310",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "120.1.10.2306",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Max Keasley"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system. \u003cbr\u003e\u003cp\u003eThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.\u003c/p\u003e"
}
],
"value": "Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system. \nThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-610",
"description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T15:21:21.941Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"url": "https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade the Netskope Client to one of the following versions:\u003cbr\u003e\u003cul\u003e\u003cli\u003eR123 or above\u003c/li\u003e\u003cli\u003e120.1.10.2306\u003c/li\u003e\u003cli\u003e117.1.11.2310\u003cbr\u003e\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Upgrade the Netskope Client to one of the following versions:\n * R123 or above\n * 120.1.10.2306\n * 117.1.11.2310"
}
],
"source": {
"advisory": "NSKPSA-2024-004",
"discovery": "UNKNOWN"
},
"title": "Symlink Following in Netskope Client Postinstall Script",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2024-13177",
"datePublished": "2025-04-15T15:21:21.941Z",
"dateReserved": "2025-01-07T14:24:14.138Z",
"dateUpdated": "2025-04-15T16:14:08.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12091 (GCVE-0-2019-12091)
Vulnerability from cvelistv5
Published
2019-09-26 15:18
Modified
2024-08-04 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Command injection
Summary
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf | x_refsource_CONFIRM | |
| https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client | x_refsource_CONFIRM | |
| https://airbus-seclab.github.io/advisories/netskope.html | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope client |
Version: 57 < Netskope client* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:10:30.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://airbus-seclab.github.io/advisories/netskope.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x86"
],
"product": "Netskope client",
"vendor": "Netskope",
"versions": [
{
"status": "unaffected",
"version": "Netskope client 60.2.0.214"
},
{
"status": "unaffected",
"version": "Netskope client 57.2.0.219"
},
{
"changes": [
{
"at": "62",
"status": "unaffected"
}
],
"lessThan": "Netskope client*",
"status": "affected",
"version": "57",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab."
}
],
"descriptions": [
{
"lang": "en",
"value": "The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\\SYSTEM privilege."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Command injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-26T15:18:00",
"orgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"shortName": "airbus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://airbus-seclab.github.io/advisories/netskope.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Netskope client command injections vulnerability",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@airbus.com",
"ID": "CVE-2019-12091",
"STATE": "PUBLIC",
"TITLE": "Netskope client command injections vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Netskope client",
"version": {
"version_data": [
{
"platform": "x86",
"version_affected": "\u003e=",
"version_name": "Netskope client",
"version_value": "57"
},
{
"platform": "x86",
"version_affected": "\u003c",
"version_name": "Netskope client",
"version_value": "62"
},
{
"platform": "x86",
"version_affected": "!",
"version_name": "Netskope client",
"version_value": "60.2.0.214"
},
{
"platform": "x86",
"version_affected": "!",
"version_name": "Netskope client",
"version_value": "57.2.0.219"
}
]
}
}
]
},
"vendor_name": "Netskope"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Julien Lenoit, Benoit Camredon, Mouad Abouhali from Airbus Security Lab."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\\SYSTEM privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf",
"refsource": "CONFIRM",
"url": "https://support.netskope.com/hc/article_attachments/360033003553/Sprint_62_Release_Notes.pdf"
},
{
"name": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client",
"refsource": "CONFIRM",
"url": "https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client"
},
{
"name": "https://airbus-seclab.github.io/advisories/netskope.html",
"refsource": "MISC",
"url": "https://airbus-seclab.github.io/advisories/netskope.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Remediations were applied in R62 onwards and retrospectively applied in golden releases R60.2.0.214 and R57.2.0.219. Link to latest support golden releases - https://support.netskope.com/hc/en-us/articles/360014589894-Netskope-Client."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "24a3c815-5f22-4d74-967a-30958d6466f4",
"assignerShortName": "airbus",
"cveId": "CVE-2019-12091",
"datePublished": "2019-09-26T15:18:00",
"dateReserved": "2019-05-14T00:00:00",
"dateUpdated": "2024-08-04T23:10:30.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4149 (GCVE-0-2022-4149)
Vulnerability from cvelistv5
Published
2023-06-15 06:44
Modified
2024-12-12 17:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Summary
The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\Users\Public\netSkope\ becomes modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope Client |
Version: 95, 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T17:04:43.872061Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T17:05:07.261Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"status": "affected",
"version": "95, 0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Netskope credits Dawson Medin from Mandiant for reporting this flaw."
}
],
"datePublic": "2023-06-15T06:24:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\\SYSTEM which writes log files to a writable directory (C:\\Users\\Public\\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\\Users\\Public\\netSkope\\ becomes modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\\SYSTEM which writes log files to a writable directory (C:\\Users\\Public\\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder and recreates, creating a race condition, which can be exploited by a malicious local user to create the file and set ACL permissions on the file. Once the file is created by a malicious user with proper ACL permissions, all files within C:\\Users\\Public\\netSkope\\ becomes modifiable by the unprivileged user. By using Windows pseudo-symlink, these files can be pointed to other places in the system and thus malicious users will be able to elevate privileges.\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eNetskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication.\u0026nbsp;\u003c/p\u003e"
}
],
"value": "Netskope is not aware of any public disclosure and exploitation of this vulnerability at the time of publication.\u00a0\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-15T06:44:27.310Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNetskope has patched the vulnerability and released a binary with a fix. Customers are recommended to upgrade their Netskope clients to v100 or later. Netskope download Instructions \u2013 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts\"\u003eDownload Netskope Client and Scripts \u2013 Netskope Support\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "Netskope has patched the vulnerability and released a binary with a fix. Customers are recommended to upgrade their Netskope clients to v100 or later. Netskope download Instructions \u2013 Download Netskope Client and Scripts \u2013 Netskope Support https://support.netskope.com/s/article/Download-Netskope-Client-and-Scripts \n"
}
],
"source": {
"advisory": "NSKPSA-2023-002",
"defect": [
"NSKPSA-2023-002"
],
"discovery": "EXTERNAL"
},
"title": "Local privilege escalation using log file",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netskope recommends using hardening guidelines listed here -\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u2013 \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.netskope.com/en/netskope-client-hardening.html\"\u003ehttps://docs.netskope.com/en/netskope-client-hardening.html\u003c/a\u003e\u0026nbsp;\u003cbr\u003e"
}
],
"value": "Netskope recommends using hardening guidelines listed here -\u00a0\u2013 https://docs.netskope.com/en/netskope-client-hardening.html https://docs.netskope.com/en/netskope-client-hardening.html \u00a0\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2022-4149",
"datePublished": "2023-06-15T06:44:25.434Z",
"dateReserved": "2022-11-28T12:19:11.243Z",
"dateUpdated": "2024-12-12T17:05:07.261Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7402 (GCVE-0-2024-7402)
Vulnerability from cvelistv5
Published
2025-08-14 04:32
Modified
2025-08-15 12:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope Client |
Version: 0 < 123.0.16, 126.0.9, 129.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:28:14.675484Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354 Improper Validation of Integrity Check Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:58:40.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"lessThan": "123.0.16, 126.0.9, 129.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Sander de Wit"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine. \u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-354",
"description": "CWE-354",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T04:32:41.870Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-002"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Customers can apply the fix by enabling the \u201cSecure Configuration\u201d option from the tenant under Settings -\u0026gt; Security Cloud Platform -\u0026gt; Netskope Client -\u0026gt; MDM Distribution -\u0026gt; Secure Enrollment page. Customers are recommended to upgrade the Netskope Client to the latest versions of R123, R126, R129 or higher and adopt \u201cNetskope Client Secure Configuration Service\u201d for APIs."
}
],
"value": "Customers can apply the fix by enabling the \u201cSecure Configuration\u201d option from the tenant under Settings -\u003e Security Cloud Platform -\u003e Netskope Client -\u003e MDM Distribution -\u003e Secure Enrollment page. Customers are recommended to upgrade the Netskope Client to the latest versions of R123, R126, R129 or higher and adopt \u201cNetskope Client Secure Configuration Service\u201d for APIs."
}
],
"source": {
"advisory": "NSKPSA-2024-002",
"discovery": "EXTERNAL"
},
"title": "Netskope Client Configuration Tampering with Local MITM",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Prevent users from installing or adding 3rd party certificates in their machine\u0027s Operating System trust store. This will prevent users from performing MITM and tampering with configurations."
}
],
"value": "Prevent users from installing or adding 3rd party certificates in their machine\u0027s Operating System trust store. This will prevent users from performing MITM and tampering with configurations."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2024-7402",
"datePublished": "2025-08-14T04:32:41.870Z",
"dateReserved": "2024-08-02T07:21:12.054Z",
"dateUpdated": "2025-08-15T12:58:40.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0309 (GCVE-0-2025-0309)
Vulnerability from cvelistv5
Published
2025-08-14 04:35
Modified
2025-08-15 12:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope Client |
Version: 0 < 129.0.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0309",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-15T12:26:51.060701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-15T12:58:27.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"lessThan": "129.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Richard Warren"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges."
}
],
"value": "An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to elevate privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "PHYSICAL",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T04:35:15.287Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://blog.amberwolf.com/blog/2025/august/breaking-into-your-network-zer0-effort/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2025-002"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the Netskope Client to version 129.0.0 or newer"
}
],
"value": "Update the Netskope Client to version 129.0.0 or newer"
}
],
"source": {
"advisory": "NSKPSA-2025-002",
"discovery": "EXTERNAL"
},
"title": "Netskope Client Local Elevation of Privileges",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are multiple configurations which can mitigate and reduce potential exposure: \u003cbr\u003e\u003cul\u003e\u003cli\u003eBlock connection/access to any new domain or URLs to NS Client apart from goskope.com\u003c/li\u003e\u003cul\u003e\u003cli\u003eUse EDR tools to monitor connections from NS Client to any random domains and block it\u003c/li\u003e\u003c/ul\u003e\u003cli\u003e\n\nMonitor for addition of any self signed certificates in operating system certificate store\n\n\u003cbr\u003e\u003c/li\u003e\u003cli\u003eMonitor the status of NS Client\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
}
],
"value": "There are multiple configurations which can mitigate and reduce potential exposure: \n * Block connection/access to any new domain or URLs to NS Client apart from goskope.com\n * Use EDR tools to monitor connections from NS Client to any random domains and block it\n\n\n * \n\nMonitor for addition of any self signed certificates in operating system certificate store\n\n\n\n * Monitor the status of NS Client"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2025-0309",
"datePublished": "2025-08-14T04:35:15.287Z",
"dateReserved": "2025-01-07T14:23:56.898Z",
"dateUpdated": "2025-08-15T12:58:27.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7401 (GCVE-0-2024-7401)
Vulnerability from cvelistv5
Published
2024-08-26 16:36
Modified
2025-07-23 11:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-287 - Improper Authentication
Summary
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Netskope | Netskope Client |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7401",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T17:34:17.761636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T17:35:05.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Netskope Client",
"product": "Netskope Client",
"vendor": "Netskope",
"versions": [
{
"status": "unknown",
"version": "All"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sander di Wit"
}
],
"datePublic": "2024-08-26T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003eNetskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user.\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netskope has received isolated reports of abuse of this known exploit by Bug Bounty hunters. Netskope is happy to help customers detect any abuse and help them contain and remediate the incident, if any."
}
],
"value": "Netskope has received isolated reports of abuse of this known exploit by Bug Bounty hunters. Netskope is happy to help customers detect any abuse and help them contain and remediate the incident, if any."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:H/SI:H/SA:L/AU:Y/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T11:02:11.214Z",
"orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"shortName": "Netskope"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-001"
},
{
"tags": [
"patch"
],
"url": "https://docs.netskope.com/en/secure-enrollment/"
},
{
"tags": [
"exploit"
],
"url": "https://quickskope.com/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide - \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.netskope.com/en/secure-enrollment/\"\u003ehttps://docs.netskope.com/en/secure-enrollment/\u003c/a\u003e \u003cbr\u003e"
}
],
"value": "Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide - https://docs.netskope.com/en/secure-enrollment/"
}
],
"source": {
"advisory": "NSKPSA-2024-001",
"discovery": "USER"
},
"title": "Client Enrollment Process Bypass",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: \u003cbr\u003e\u003cul\u003e\u003cli\u003eEnable device compliance and device classification\u003c/li\u003e\u003cli\u003eCreate a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: \n * Enable device compliance and device classification\n * Create a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
"assignerShortName": "Netskope",
"cveId": "CVE-2024-7401",
"datePublished": "2024-08-26T16:36:40.915Z",
"dateReserved": "2024-08-02T07:20:21.411Z",
"dateUpdated": "2025-07-23T11:02:11.214Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}