Privilege Escalation Vulnerability in Netskope Client for Mac OS
CVE-2024-13177

5.2MEDIUM

Key Information:

Vendor: Netskope
Status: Netskope Client
Vendor: CVE Published:; 15 April 2025

What is CVE-2024-13177?

A vulnerability exists in the Netskope Client for Mac OS, where the postinstall script fails to adequately validate the path of the 'nsinstallation' file. This oversight allows a standard user to create a symbolic link to the 'nsinstallation' file, potentially granting elevated privileges to another file within the system. Remediation measures should be taken for versions prior to 123.0, 117.1.11.2310, and 120.1.10.2306 to mitigate this risk.

Affected Version(s)

Netskope Client MacOS 0 < 123.0

Netskope Client MacOS 0 < 117.1.11.2310

Netskope Client MacOS 0 < 120.1.10.2306

References

https://support.netskope.com/s/article/Netskope-Security-...

CVSS V4

Score:

5.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Max Keasley

CVE-2024-13177 Data

JSON