CVE-2024-13177

Published: Apr 15, 2025

Modified: Apr 15, 2025

PUBLISHED

Description

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.

Vendor	Product	Versions
Netskope	Netskope Client	affected `0 - < 123.0` affected `0 - < 117.1.11.2310` affected `0 - < 120.1.10.2306`

Weaknesses (CWE)

CWE-610

References

https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-13177

Description

Affected Products

Weaknesses (CWE)

References