CVE-2024-13177

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. A standard user could potentially create a symlink of the file “nsinstallation” to escalate the privileges of a different file on the system. This issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306.

CVSS

No CVSS.

References

Link	Resource
https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Netskope Client en Mac OS se ve afectado por una vulnerabilidad en la que el script de postinstalación no valida correctamente la ruta del archivo "nsinstallation". Un usuario estándar podría crear un enlace simbólico al archivo "nsinstallation" para escalar los privilegios de otro archivo del sistema. Este problema afecta a los clientes Netskope anteriores a la versión 123.0, 117.1.11.2310 y 120.1.10.2306.

15 Apr 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-15 16:15

Updated : 2026-04-15 00:35

NVD link : CVE-2024-13177

Mitre link : CVE-2024-13177

CVE.ORG link : CVE-2024-13177

JSON object : View

Products Affected

No product.

CWE

CWE-610

Externally Controlled Reference to a Resource in Another Sphere

{"id": "CVE-2024-13177", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@netskope.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.2, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-15T16:15:21.903", "references": [{"url": "https://support.netskope.com/s/article/Netskope-Security-Advisory-Netskope-Client-installer-with-symbolic-link-following-vulnerability-leading-to-privilege-escalation", "source": "psirt@netskope.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@netskope.com", "description": [{"lang": "en", "value": "CWE-610"}]}], "descriptions": [{"lang": "en", "value": "Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file \u201cnsinstallation\u201d. A standard user could potentially create a symlink of the file \u201cnsinstallation\u201d to escalate the privileges of a different file on the system. \nThis issue affects Netskope Client: before 123.0, before 117.1.11.2310, before 120.1.10.2306."}, {"lang": "es", "value": "Netskope Client en Mac OS se ve afectado por una vulnerabilidad en la que el script de postinstalaci\u00f3n no valida correctamente la ruta del archivo \"nsinstallation\". Un usuario est\u00e1ndar podr\u00eda crear un enlace simb\u00f3lico al archivo \"nsinstallation\" para escalar los privilegios de otro archivo del sistema. Este problema afecta a los clientes Netskope anteriores a la versi\u00f3n 123.0, 117.1.11.2310 y 120.1.10.2306."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@netskope.com"}