PT-2025-16355 · Netskope · Netskope Client
Max Keasley · Published 2025-04-15 · Updated 2025-04-15 · CVE-2024-13177
CVSS v4.0: 5.2 (Medium)
Vector: AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Netskope Client versions prior to 123.0
Netskope Client versions prior to 117.1.11.2310
Netskope Client versions prior to 120.1.10.2306
Description
The issue is a vulnerability in the postinstall script of the Netskope Client on macOS, which does not properly validate the path of the file nsinstallation. This could allow a standard user to create a symlink of the file nsinstallation to escalate the privileges of a different file on the system.
Recommendations
For versions prior to 123.0, update to version 123.0 or later.
For versions prior to 117.1.11.2310, update to version 117.1.11.2310 or later.
For versions prior to 120.1.10.2306, update to version 120.1.10.2306 or later.
As a temporary workaround, consider restricting access to the nsinstallation file to minimize the risk of exploitation.
Fix
LPE
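A defensive sketch of the kind of path validation the description says was missing, written for a privileged install script; this is an added example, not Netskope's postinstall script or its fix. The function name `path_is_safe` and any path passed to it are assumptions, since the page does not give the file's location or say what the script does with it.

```shell
#!/bin/sh
# Added example: refuse to act on a file that an unprivileged user could
# have replaced with a symlink. Hypothetical helper, not vendor code.

# path_is_safe FILE
# Returns 0 only when FILE is a regular, non-symlink file owned by the
# effective user (root in a postinstall script) inside a directory that
# only that user can modify. Ancestor directories are not checked here.
path_is_safe() {
    pis_target=$1
    pis_dir=$(dirname -- "$pis_target")

    # A chmod/chown on a symlink normally lands on the link's target.
    if [ -L "$pis_target" ]; then
        echo "refuse: $pis_target is a symlink" >&2
        return 1
    fi
    # Must already exist as a regular file (no device, FIFO, or directory).
    if [ ! -f "$pis_target" ]; then
        echo "refuse: $pis_target is not a regular file" >&2
        return 1
    fi
    # File and its directory must belong to the effective user.
    if [ ! -O "$pis_target" ] || [ ! -O "$pis_dir" ]; then
        echo "refuse: $pis_target or $pis_dir has a foreign owner" >&2
        return 1
    fi
    # A group- or world-writable directory lets another user swap the
    # entry between this check and the later use (a TOCTOU race).
    pis_perms=$(ls -ld -- "$pis_dir" | cut -c1-10)
    case $pis_perms in
        ?????w????|????????w?)
            echo "refuse: $pis_dir is writable by group or others" >&2
            return 1
            ;;
    esac
    return 0
}

# Optional stand-alone use: sh check.sh /path/to/file
if [ "$#" -gt 0 ]; then
    path_is_safe "$1" && echo "ok: $1"
fi
```

The directory checks are what make the result stable; a symlink test alone can still be raced when the file sits in a location a standard user can write to.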
Weakness Enumeration
Related Identifiers
Affected Products
Netskope Client