CVE-2024-7401

Summary

Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user.

Affected Software

VendorProductVersion RangeStatus
NetskopeNetskope ClientAllunknown

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

Workarounds

There is no countermeasure available to remediate the gap without enabling Secure Enrollment, but follow the below steps to minimize the risk:

  • Enable device compliance and device classification
  • Create a policy to block all traffic for the devices which are not meeting the device compliance checks and are not falling under proper device classification.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References