First published: Tue Apr 15 2025
Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.
Credit: psirt@netskope.com
Affected Software | Affected Version | How to fix |
---|---|---|
Netskope Client | <123.0, <117.1.11.2310, <120.1.10.2306 | Upgrade the Netskope Client to one of the following versions: R123 or above, 120.1.10.2306, 117.1.11.2310 |
The CVE-2024-13177 vulnerability is rated high due to the potential for privilege escalation on Mac OS systems.
To fix CVE-2024-13177, update the Netskope Client to the latest version available from the vendor.
Netskope Client versions below 123.0, 117.1.11.2310, and 120.1.10.2306 on Mac OS are affected by CVE-2024-13177.
CVE-2024-13177 can enable an attacker to escalate their privileges by exploiting a symbolic link in the Netskope Client installation process.
There are no recommended workarounds for CVE-2024-13177; the best action is to apply the software update as soon as possible.
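The flaw described above is a root-run postinstall script acting on a file path that a standard user can replace with a symlink. As an added example (not Netskope's code; the function names, the trusted UID argument, and the path in the usage comment are assumptions), these are checks a privileged script can run before it touches a file by name:

```shell
#!/bin/sh
# Added example, not vendor code. The trusted UID and all paths are assumptions.

# Print "<uid> <mode>" for the entry itself; ls -ld never follows a final symlink.
entry_info() {
    ls -ldn -- "$1" 2>/dev/null | awk '{print $3, $1}'
}

# A directory is trusted when it is a real directory (not a symlink), owned by
# the trusted UID, and not writable by group or other. Only then is nobody else
# able to swap entries between this check and the later use (no TOCTOU window).
dir_is_trusted() {
    d=$1; want_uid=$2
    [ ! -L "$d" ] && [ -d "$d" ] || return 1
    set -- $(entry_info "$d")
    [ "$1" = "$want_uid" ] || return 1
    case "$2" in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# Return 0 only if FILE may be chown/chmod/written by a privileged script:
# it must not be a symlink, must be a regular file owned by the trusted UID
# when it already exists, and must sit in a trusted directory.
# Only the immediate parent is checked; ancestors are assumed root-controlled.
safe_to_modify() {
    f=$1; uid=$2
    [ -L "$f" ] && return 1
    if [ -e "$f" ]; then
        [ -f "$f" ] || return 1
        set -- $(entry_info "$f")
        [ "$1" = "$uid" ] || return 1
    fi
    dir_is_trusted "$(dirname -- "$f")" "$uid"
}

# Usage in a root-run script (hypothetical path):
#   safe_to_modify "/path/to/nsinstallation" 0 || { echo "refusing" >&2; exit 1; }
```

The directory check matters as much as the symlink check: a file inside a user-writable directory can be swapped after it has been validated.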