CVE-2021-41388

Published: Jan 4, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged user can connect and call external methods defined in XPC service as root, elevating their privilege to the highest level.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.netskope.com/company/security-compliance-and-assurance/netskope-security-advisory-nskpsa-2021-002

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-41388

Description

Affected Products

References