CWE-610

CVE-2024-13177: Symlink Following in Netskope Client Postinstall Script

First published: Tue Apr 15 2025

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.
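The weakness class described above (a root-run install script touching a path that a standard user could have replaced with a symlink), shown with a hardened write as an added example. This is not Netskope's postinstall script or fix; the function names, the owner-UID parameter and the throwaway directory are assumptions for illustration.

```shell
#!/bin/sh
# Added illustration of CWE-610 hardening for a root-run install script.
# Not Netskope's code: function names, directory and owner UID are assumptions.

# True only if $1 is a real directory (not a symlink) owned by UID $2 and not
# writable by group or others; find does not follow symlinks by default.
dir_is_trusted() {
    [ -n "$(find "$1" -prune -type d -user "$2" ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# write_marker TARGET CONTENT [OWNER_UID]: write CONTENT to TARGET without
# following a symlink a lower-privileged user may have planted at TARGET.
write_marker() {
    target=$1; content=$2; owner=${3:-0}
    dir=$(dirname "$target")
    if ! dir_is_trusted "$dir" "$owner"; then
        echo "refusing: $dir is a symlink, wrongly owned, or group/world-writable" >&2
        return 1
    fi
    # Anything other than "absent" or "regular file" is rejected outright.
    if [ -L "$target" ] || { [ -e "$target" ] && [ ! -f "$target" ]; }; then
        echo "refusing: $target exists and is not a regular file" >&2
        return 1
    fi
    # mktemp creates the file exclusively; the rename then replaces the
    # directory entry instead of writing through whatever it pointed to.
    tmp=$(mktemp "$dir/.marker.XXXXXX") || return 1
    printf '%s\n' "$content" > "$tmp" && mv -f "$tmp" "$target" ||
        { rm -f "$tmp"; return 1; }
}

# Constructed demo in a throwaway directory (an installer would pass UID 0).
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/cwe610.XXXXXX") || return 1
    echo "untouched" > "$d/other-file"
    ln -s "$d/other-file" "$d/nsinstallation"
    rc=0
    write_marker "$d/nsinstallation" "installed" "$(id -u)" 2>/dev/null || rc=$?
    echo "symlinked target: exit $rc, other-file still says: $(cat "$d/other-file")"
    rm -rf "$d"
}
demo
```

The symlink test alone still leaves a window between check and rename, which is why the directory ownership and mode check comes first: it closes that window by ensuring no unprivileged user can modify the directory at all.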

Credit: psirt@netskope.com

Affected Software | Affected Version | How to fix
Netskope Client | <123.0, <117.1.11.2310, <120.1.10.2306 |

Remedy

Upgrade the Netskope Client to one of the following versions:

  • R123 or above
  • 120.1.10.2306
  • 117.1.11.2310


Frequently Asked Questions

  • What is the severity of CVE-2024-13177?

    The CVE-2024-13177 vulnerability is rated high due to the potential for privilege escalation on Mac OS systems.

  • How do I fix CVE-2024-13177?

    To fix CVE-2024-13177, update the Netskope Client to the latest version available from the vendor.

  • Who is affected by CVE-2024-13177?

    Netskope Client versions below 123.0, 117.1.11.2310, and 120.1.10.2306 on Mac OS are affected by CVE-2024-13177.

  • What kind of attack can CVE-2024-13177 enable?

    CVE-2024-13177 can enable an attacker to escalate their privileges by exploiting a symbolic link in the Netskope Client installation process.

  • Is there a workaround for CVE-2024-13177?

    There are no recommended workarounds for CVE-2024-13177; the best action is to apply the software update as soon as possible.
