fkie_nvd - fkie_cve-2024-7401

fkie_cve-2024-7401

Vulnerability from fkie_nvd

Published

2024-08-26 17:15

Modified

2025-07-23 11:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.

References

URL	Tags
psirt@netskope.com	https://docs.netskope.com/en/secure-enrollment/	Product
psirt@netskope.com	https://quickskope.com/
psirt@netskope.com	https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-001	Vendor Advisory

Impacted products

	Vendor	Product	Version
	netskope	netskope	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6839F225-C83A-4132-8802-E088178691C2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user."
    },
    {
      "lang": "es",
      "value": "Netskope fue notificado sobre una brecha de seguridad en el proceso de inscripci\u00f3n del Cliente Netskope donde NSClient utiliza un token est\u00e1tico \"Orgkey\" como par\u00e1metro de autenticaci\u00f3n. Dado que este token est\u00e1tico, si se filtra, no se puede rotar ni revocar. Un actor malintencionado puede utilizar este token para inscribir NSClient desde el inquilino de un cliente y hacerse pasar por un usuario."
    }
  ],
  "id": "CVE-2024-7401",
  "lastModified": "2025-07-23T11:15:32.100",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.5,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "RED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "HIGH",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "LOW",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "psirt@netskope.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-26T17:15:06.987",
  "references": [
    {
      "source": "psirt@netskope.com",
      "tags": [
        "Product"
      ],
      "url": "https://docs.netskope.com/en/secure-enrollment/"
    },
    {
      "source": "psirt@netskope.com",
      "url": "https://quickskope.com/"
    },
    {
      "source": "psirt@netskope.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-001"
    }
  ],
  "sourceIdentifier": "psirt@netskope.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "psirt@netskope.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-7401 (GCVE-0-2024-7401)

Vulnerability from cvelistv5

Published

2024-08-26 16:36

Modified

2025-07-23 11:02

Severity ?

8.5 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:H/SI:H/SA:L/AU:Y/U:Red

CWE

CWE-287 - Improper Authentication

Summary

References

▼	URL	Tags
	https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-001	vendor-advisory
	https://docs.netskope.com/en/secure-enrollment/	patch
	https://quickskope.com/	exploit

Impacted products

	Vendor	Product	Version
	Netskope	Netskope Client

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7401",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T17:34:17.761636Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T17:35:05.399Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "Netskope Client",
          "product": "Netskope Client",
          "vendor": "Netskope",
          "versions": [
            {
              "status": "unknown",
              "version": "All"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Sander di Wit"
        }
      ],
      "datePublic": "2024-08-26T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(248, 248, 248);\"\u003eNetskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user.\u003c/span\u003e\n\n\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token \u201cOrgkey\u201d as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer\u2019s tenant and impersonate a user."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Netskope has received isolated reports of abuse of this known exploit by Bug Bounty hunters. Netskope is happy to help customers detect any abuse and help them contain and remediate the incident, if any."
            }
          ],
          "value": "Netskope has received isolated reports of abuse of this known exploit by Bug Bounty hunters. Netskope is happy to help customers detect any abuse and help them contain and remediate the incident, if any."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "RED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:L/SC:H/SI:H/SA:L/AU:Y/U:Red",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287 Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-23T11:02:11.214Z",
        "orgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
        "shortName": "Netskope"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-001"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://docs.netskope.com/en/secure-enrollment/"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://quickskope.com/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide - \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.netskope.com/en/secure-enrollment/\"\u003ehttps://docs.netskope.com/en/secure-enrollment/\u003c/a\u003e \u003cbr\u003e"
            }
          ],
          "value": "Netskope has fixed the gap and recommends customers to review their deployments of Netskope Client and enable the fix in their tenants. Here is the detailed guide -  https://docs.netskope.com/en/secure-enrollment/"
        }
      ],
      "source": {
        "advisory": "NSKPSA-2024-001",
        "discovery": "USER"
      },
      "title": "Client Enrollment Process Bypass",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: \u003cbr\u003e\u003cul\u003e\u003cli\u003eEnable device compliance and device classification\u003c/li\u003e\u003cli\u003eCreate a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk: \n  *  Enable device compliance and device classification\n  *  Create a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bf992f6a-e49d-4e94-9479-c4cff32c62bc",
    "assignerShortName": "Netskope",
    "cveId": "CVE-2024-7401",
    "datePublished": "2024-08-26T16:36:40.915Z",
    "dateReserved": "2024-08-02T07:20:21.411Z",
    "dateUpdated": "2025-07-23T11:02:11.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted