Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-7402

Summary
Assigner-Netskope
Assigner Org ID-bf992f6a-e49d-4e94-9479-c4cff32c62bc
Published At-14 Aug, 2025 | 04:32
Updated At-15 Aug, 2025 | 12:58
Rejected At-
Credits

Netskope Client Configuration Tampering with Local MITM

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Netskope
Assigner Org ID:bf992f6a-e49d-4e94-9479-c4cff32c62bc
Published At:14 Aug, 2025 | 04:32
Updated At:15 Aug, 2025 | 12:58
Rejected At:
▼CVE Numbering Authority (CNA)
Netskope Client Configuration Tampering with Local MITM

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.

Affected Products
Vendor
Netskope
Product
Netskope Client
Default Status
unaffected
Versions
Affected
  • From 0 before 123.0.16, 126.0.9, 129.0.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-354CWE-354
Type: CWE
CWE ID: CWE-354
Description: CWE-354
Metrics
VersionBase scoreBase severityVector
4.07.0HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Customers can apply the fix by enabling the “Secure Configuration” option from the tenant under Settings -> Security Cloud Platform -> Netskope Client -> MDM Distribution -> Secure Enrollment page. Customers are recommended to upgrade the Netskope Client to the latest versions of R123, R126, R129 or higher and adopt “Netskope Client Secure Configuration Service” for APIs.

Configurations
Workarounds

Prevent users from installing or adding 3rd party certificates in their machine's Operating System trust store. This will prevent users from performing MITM and tampering with configurations.

Exploits
Credits
reporter
Sander de Wit
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-002
N/A
Hyperlink: https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-002
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-354CWE-354 Improper Validation of Integrity Check Value
Type: CWE
CWE ID: CWE-354
Description: CWE-354 Improper Validation of Integrity Check Value
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@netskope.com
Published At:14 Aug, 2025 | 05:15
Updated At:15 Aug, 2025 | 13:15

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.0HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 7.0
Base severity: HIGH
Vector:
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-354Secondarypsirt@netskope.com
CWE-354Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-354
Type: Secondary
Source: psirt@netskope.com
CWE ID: CWE-354
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-002psirt@netskope.com
N/A
Hyperlink: https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-002
Source: psirt@netskope.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found