CVE-2021-41388
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.
El cliente de Netskope versiones anteriores a 89.x en macOS, está afectado por una vulnerabilidad de escalada de privilegios local. La implementación de XPC del proceso nsAuxiliarySvc no lleva a cabo la comprobación de las nuevas conexiones antes de aceptar la conexión. Así, cualquier usuario con pocos privilegios puede conectarse y llamar a los métodos externos definidos en el servicio XPC como root, elevando su privilegio al nivel más alto
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-17 CVE Reserved
- 2022-01-04 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002 | 2022-01-13 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netskope Search vendor "Netskope" | Netskope Search vendor "Netskope" for product "Netskope" | < 89 Search vendor "Netskope" for product "Netskope" and version " < 89" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|