CVE-2024-7401
- EPSS 0.62%
- Published 26.08.2024 17:15:06
- Last modified 23.07.2025 11:15:32
Netskope was notified about a security gap in the Netskope Client enrollment process where NSClient is using a static token “Orgkey” as an authentication parameter. Since this is a static token, if leaked, it cannot be rotated or revoked. A malicious actor can...
CVE-2023-4996
- EPSS 0.08%
- Published 06.11.2023 11:15:09
- Last modified 21.11.2024 08:36:25
Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user contro...
- EPSS 0.03%
- Published 15.06.2023 07:15:08
- Last modified 21.11.2024 07:34:40
The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM and writes log files to a directory (C:\Users\Public\netSkope) that is writable by a standard user. The files are created and written with a SYSTEM account except one file (...
CVE-2023-2270
- EPSS 0.03%
- Published 15.06.2023 05:15:09
- Last modified 21.11.2024 07:58:16
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. The connection handling function of Netskope client before R100 in this service utilized a relati...
CVE-2021-44862
- EPSS 0.05%
- Published 03.11.2022 20:15:24
- Last modified 21.11.2024 06:31:37
Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed...
CVE-2021-41388
- EPSS 0.04%
- Published 04.01.2022 22:15:07
- Last modified 21.11.2024 06:26:11
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of nsAuxiliarySvc process does not perform validation on new connections before accepting the connection. Thus any low privileged...
- EPSS 0.47%
- Published 12.08.2021 11:15:07
- Last modified 21.11.2024 05:15:01
Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.
CVE-2020-28845
- EPSS 1.07%
- Published 20.11.2020 20:15:13
- Last modified 21.11.2024 05:23:10
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, which leads to compromise of the admin's system.
CVE-2019-12091
- EPSS 0.21%
- Published 26.09.2019 16:15:11
- Last modified 21.11.2024 04:22:11
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability....
CVE-2019-10882
- EPSS 0.05%
- Published 26.09.2019 16:15:10
- Last modified 21.11.2024 04:20:02
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack-based buffer overflow in...