Netskope · Netskope Client · CVE-2024-7401
**Name of the Vulnerable Software and Affected Versions**
Netskope Client (affected versions not specified)
**Description**
A security issue exists in the Netskope Client enrollment process. The NSClient utilizes a static token, `Orgkey`, as an authentication parameter. Because this token is static, it cannot be rotated or revoked if compromised. A malicious actor could leverage this token to enroll NSClient within a customer’s tenant and impersonate a user.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.