What is the severity of CVE-2024-13177?

The CVE-2024-13177 vulnerability is rated high due to the potential for privilege escalation on Mac OS systems.

How do I fix CVE-2024-13177?

To fix CVE-2024-13177, update the Netskope Client to the latest version available from the vendor.

Who is affected by CVE-2024-13177?

Netskope Client versions below 123.0, 117.1.11.2310, and 120.1.10.2306 on Mac OS are affected by CVE-2024-13177.

What kind of attack can CVE-2024-13177 enable?

CVE-2024-13177 can enable an attacker to escalate their privileges by exploiting a symbolic link in the Netskope Client installation process.

Is there a workaround for CVE-2024-13177?

There are no recommended workarounds for CVE-2024-13177; the best action is to apply the software update as soon as possible.

Vulnerability/
CVE-2024-13177

medium

5.2

CWE

610

15/4/2025

CVE-2024-13177: Symlink Following in Netskope Client Postinstall Script

First published: Tue Apr 15 2025(Updated: )

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.

Credit: psirt@netskope.com

Affected Software	Affected Version	How to fix
Netskope Client	<123.0<117.1.11.2310<120.1.10.2306

Remedy

Upgrade the Netskope Client to one of the following versions: * R123 or above * 120.1.10.2306 * 117.1.11.2310

Never miss a vulnerability like this again

Reference Links

https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation

Frequently Asked Questions

What is the severity of CVE-2024-13177?
The CVE-2024-13177 vulnerability is rated high due to the potential for privilege escalation on Mac OS systems.
How do I fix CVE-2024-13177?
To fix CVE-2024-13177, update the Netskope Client to the latest version available from the vendor.
Who is affected by CVE-2024-13177?
Netskope Client versions below 123.0, 117.1.11.2310, and 120.1.10.2306 on Mac OS are affected by CVE-2024-13177.
What kind of attack can CVE-2024-13177 enable?
CVE-2024-13177 can enable an attacker to escalate their privileges by exploiting a symbolic link in the Netskope Client installation process.
Is there a workaround for CVE-2024-13177?
There are no recommended workarounds for CVE-2024-13177; the best action is to apply the software update as soon as possible.

collector/mitre-cve
source/MITRE
agent/remedy
agent/references
agent/title
agent/weakness
agent/type
agent/first-publish-date
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
agent/source
agent/severity
agent/tags
agent/event
vendor/netskope
canonical/netskope client

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.