CVE-2024-7402
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H
Summary
Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Netskope | Netskope Client | 0 < 123.0.16, 126.0.9, 129.0.0 | affected |
Weaknesses
- CWE-354: CWE-354
Workarounds
Prevent users from installing or adding 3rd party certificates in their machine's Operating System trust store. This will prevent users from performing MITM and tampering with configurations.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.