CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7401 – Client Enrollment Process Bypass
https://notcve.org/view.php?id=CVE-2024-7401
26 Aug 2024 — Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user. Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static ... • https://docs.netskope.com/en/secure-enrollment • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-4996 – Local privilege escalation
https://notcve.org/view.php?id=CVE-2023-4996
06 Nov 2023 — Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. Netskope fue informado de una vulnerabil... • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-003 • CWE-281: Improper Preservation of Permissions •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-4149 – Local privilege escalation using log file
https://notcve.org/view.php?id=CVE-2022-4149
15 Jun 2023 — The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user. The files are created and written with a SYSTEM account except one file (logplaceholder) which inherits permission giving all users full access control list. Netskope client restricts access to this file by allowing only read permissions as a standard user. Whenever the Netskope client service restarts, it deletes the logplaceholder ... • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-002 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-2270 – Local privilege escalation
https://notcve.org/view.php?id=CVE-2023-2270
15 Jun 2023 — The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relative path to download and unzip configuration files on the machine. This relative path provided a way for local users to write arbitrary files at a location which is accessible to only higher privileged users. This can be exploited by local users to execute code w... • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2023-001 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44862 – Sensitive Information store in NSClient logs
https://notcve.org/view.php?id=CVE-2021-44862
03 Nov 2022 — Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user. El cliente Netskope se ve afectado por una vulnerabilidad en la que un atacante local autenticado puede ver información confidencial al... • https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2022-001 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-41388
https://notcve.org/view.php?id=CVE-2021-41388
04 Jan 2022 — Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level. El cliente de Netskope versiones anteriores a 89.x en macOS, está afectado por una vulnerabilidad de escalada de privilegios local. La imp... • https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24576
https://notcve.org/view.php?id=CVE-2020-24576
12 Aug 2021 — Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM. Netskope Client versiones hasta 77, permite a usuarios poco privilegiados elevar sus privilegios a NT AUTHORITY\SYSTEM • https://www.netskope.com • CWE-269: Improper Privilege Management •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 1CVE-2020-28845
https://notcve.org/view.php?id=CVE-2020-28845
20 Nov 2020 — A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system. Una vulnerabilidad de inyección CSV en el portal de administración de Netskope versión 75.0, permite a un usuario no autenticado inyectar una carga útil maliciosa en el portal de administración y, por lo tanto, comprometer el sistema de administración • http://the-it-wonders.blogspot.com/2020/11/netskope-csv-injection-in-admin-ui.html • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-12091 – Netskope client command injections vulnerability
https://notcve.org/view.php?id=CVE-2019-12091
26 Sep 2019 — The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege. El servicio cliente Netskope, v57 versiones anteriores a 57.2.0.219 y v60 versiones anteriores a 60.2.0.214, ejecutado con privilegio NT\SYSTEM, acepta conexiones de red de localho... • https://airbus-seclab.github.io/advisories/netskope.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10882 – Netskope client buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2019-10882
26 Sep 2019 — The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system. El servicio cliente Netskope, v57 versiones anteriores a 57.2.0.219 y v60 versiones anteriores a 60... • https://airbus-seclab.github.io/advisories/netskope.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •