CVE-2024-7402

Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine.

CVSS

No CVSS.

References

Link	Resource
https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-002

Configurations

No configuration.

History

14 Aug 2025, 13:11

Type	Values Removed	Values Added
Summary		(es) Netskope ha identificado una posible vulnerabilidad en su agente (Cliente Netskope) que permite a un usuario malicioso manipular la configuración del Cliente Netskope mediante una actividad de intermediario (MITM) en el canal de comunicación del Cliente Netskope. Una explotación exitosa requeriría privilegios administrativos en el equipo y podría resultar en la alteración temporal de la configuración del Cliente Netskope o la desactivación o eliminación permanente del agente del equipo.

14 Aug 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-14 05:15

Updated : 2025-08-15 13:15

NVD link : CVE-2024-7402

Mitre link : CVE-2024-7402

CVE.ORG link : CVE-2024-7402

JSON object : View

Products Affected

No product.

CWE

CWE-354

Improper Validation of Integrity Check Value

{"id": "CVE-2024-7402", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "psirt@netskope.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.0, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "HIGH", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-14T05:15:26.010", "references": [{"url": "https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2024-002", "source": "psirt@netskope.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "psirt@netskope.com", "description": [{"lang": "en", "value": "CWE-354"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-354"}]}], "descriptions": [{"lang": "en", "value": "Netskope has identified a potential gap in its agent (Netskope Client) in which a malicious insider can potentially tamper the Netskope Client configuration by performing MITM (Man-in-the-Middle) activity on the Netskope Client communication channel. A successful exploitation would require administrative privileges on the machine, and could result in temporarily altering the configuration of Netskope Client or permanently disabling or removing the agent from the machine."}, {"lang": "es", "value": "Netskope ha identificado una posible vulnerabilidad en su agente (Cliente Netskope) que permite a un usuario malicioso manipular la configuraci\u00f3n del Cliente Netskope mediante una actividad de intermediario (MITM) en el canal de comunicaci\u00f3n del Cliente Netskope. Una explotaci\u00f3n exitosa requerir\u00eda privilegios administrativos en el equipo y podr\u00eda resultar en la alteraci\u00f3n temporal de la configuraci\u00f3n del Cliente Netskope o la desactivaci\u00f3n o eliminaci\u00f3n permanente del agente del equipo."}], "lastModified": "2025-08-15T13:15:30.237", "sourceIdentifier": "psirt@netskope.com"}